I was thinking about how one could go about recovering their forgotten password without providing an e-mail address.
One way that I can think of is to have a section in one’s profile for adding your GPG fingerprint. If you click “forgot password”, the server can generate a code, encrypt it against your public key, and provide you with the PGP encrypted message block. You would then use your private key to decrypt the message, input the code, and change your password.
I have not seen this type of password recovery being implemented in other sites, and I am not sure why. Is it that people are just not interested in having this option? Or maybe those who can keep their private key secure are also usually able to keep their passwords secure and well-managed?
Perhaps logging in over PGP would be nice as well.
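The recovery flow described in the post, as an added example that is not part of the original post: it models only the server side of the challenge (issue a random code, store just its hash, bind it to the fingerprint on file, expire it, accept it once, cap wrong guesses). The OpenPGP encryption step is assumed to be supplied by the caller as a function; `CODE_TTL_SECONDS` and `MAX_ATTEMPTS` are assumed values.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# OpenPGP encryption is assumed to be supplied by the caller (e.g. a wrapper around
# `gpg --encrypt --recipient <fingerprint>`); only the server-side state is modelled.
Encryptor = Callable[[str, str], str]  # (fingerprint, plaintext code) -> armored message

CODE_TTL_SECONDS = 600  # assumed lifetime of a recovery code
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per challenge

@dataclass
class Challenge:
    code_hash: bytes   # only a hash of the code is stored; a database leak does not expose codes
    fingerprint: str   # key the code was encrypted to, fixed when the challenge is issued
    expires_at: float
    attempts: int = 0
    used: bool = False

@dataclass
class RecoveryService:
    encrypt: Encryptor
    fingerprints: Dict[str, str]  # username -> fingerprint registered before recovery started
    challenges: Dict[str, Challenge] = field(default_factory=dict)

    def request(self, username: str, now: Optional[float] = None) -> Optional[str]:
        fpr = self.fingerprints.get(username)
        if fpr is None:
            return None  # no key on file: nothing to encrypt to
        code = secrets.token_urlsafe(24)  # 192 bits of entropy, never persisted in clear
        self.challenges[username] = Challenge(
            code_hash=hashlib.sha256(code.encode()).digest(),
            fingerprint=fpr,
            expires_at=(time.time() if now is None else now) + CODE_TTL_SECONDS,
        )
        return self.encrypt(fpr, code)

    def redeem(self, username: str, code: str, now: Optional[float] = None) -> bool:
        ch = self.challenges.get(username)
        t = time.time() if now is None else now
        if ch is None or ch.used or t > ch.expires_at or ch.attempts >= MAX_ATTEMPTS:
            return False
        ch.attempts += 1
        ok = ch.fingerprint == self.fingerprints.get(username) and hmac.compare_digest(
            hashlib.sha256(code.encode()).digest(), ch.code_hash)  # reject if key changed since issue
        ch.used = ok  # a correct code is consumed on first use
        return ok
```

Once `redeem` returns True the application would let the user set a new password; the code itself is never stored or compared in clear.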