@andybalaam Thanks for the talk! I've got a question while watching it. So I remember that I think Mozilla browser sync had one password for logging in and it was actually used for encryption too. Same thing with Bitwarden. It probably has the downside that if you log in using a web page, a malicious web page can just grab the plaintext password and send it somewhere, but otherwise the login process can be made secure in the sense that the server never actually learns the original password value and so can't break the E2EE private keys. Have you considered something like that?
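
An added illustration of the single-password scheme the post describes, not code from the post, the talk, Firefox Sync or Bitwarden: the client stretches the password once, then splits the result into a login token that is sent to the server and an encryption key that is never sent. The function names, the `example/auth` and `example/enc` labels and the iteration counts are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor, not taken from any product


def hkdf_expand_block(prk: bytes, info: bytes) -> bytes:
    """First output block of HKDF-Expand (RFC 5869) with SHA-256: 32 bytes."""
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def client_derive(password: str, email: str) -> tuple[bytes, bytes]:
    """Runs on the client only. Returns (auth_token, enc_key)."""
    # Stretch the password once; the account e-mail acts as a per-user salt.
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), email.lower().encode(), ITERATIONS)
    # Domain-separated outputs: knowing one does not reveal the other.
    auth_token = hkdf_expand_block(master, b"example/auth")  # sent to server
    enc_key = hkdf_expand_block(master, b"example/enc")      # never leaves client
    return auth_token, enc_key


def server_register(auth_token: bytes) -> tuple[bytes, bytes]:
    """Server stores only a salted hash of the token it receives."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_token, salt, 10_000)


def server_verify(record: tuple[bytes, bytes], auth_token: bytes) -> bool:
    """Constant-time comparison of the presented token against the record."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", auth_token, salt, 10_000)
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    # Constructed sample credentials.
    token, key = client_derive("correct horse battery staple", "user@example.org")
    record = server_register(token)
    print("login ok:", server_verify(record, token))
    print("enc_key differs from token:", key != token)
```

A server holding the token can still guess passwords offline against it, so the protection of the encryption key rests on password strength and the client-side work factor.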