1. Resetting password
I understand that by design restoring password is impossible and it’s great. Nevertheless, in my opinion there should be an option to reset the account to a virgin state (i.e. delete all existing data and start from 0) if user can confirm that they are them (account reset confirmation link via email). Nowadays, good email providers offer a bunch of protective measures such as 2FA and we can be quite sure that user is the user if they confirm the action by email.
It’s important not only because the Inkdrop subscription is tied to email address but also because many people have just one email address which is very well protected and it’ll be very inconvenient for them to create new one just to use it as their new login to Inkdrop.
2. Changing password
It’s very good security practice to change passwords from time to time. Moreover, sometimes passwords get compromised. Imagine you HAD TO work with your Inkdrop files at your friends Windows PC and later he tells you that he had to bring his PC to workshop because it had some tricky set of viruses and trojans. What will be your first reaction? Right! To change the password. Will Inkdrop have to re-encrypt entire data or just re-encrypt encryption key?
@craftzdog I’d like to hear your opinion about this matter. How do you see the situation?