Most websites use your password only so that you can prove who you are ("authentication"). Those websites can readily reset your password as long as you prove who you are via some other means (e.g. a security question or a password reset link emailed to your account).
Secure Meeting Place uses your password both for authentication and as input for encrypting confidential data (for the cryptographically-minded, the password is used by a standard password-based key derivation function to encrypt random 256-bit keys).
On Secure Meeting Place all confidential data (including messages, room and group names) is encrypted with secret keys that can only be accessed with your password. In this way, confidential data can never be read by our adminstrators nor by anyone else who does not have your password.
Your password is never saved in a form that we can read (this is standard best practice any website that uses user passwords). As a consequence of this, if you forget your password, we cannot retrieve it for you.
We strongly encourage all users to set a password hint for yourself (on the account info page), to be used to remind you of your password in case you ever forget.
Your password hint will be emailed to your email address on file when you request it via the forgotten password page.
A good password hint will be sufficient to remind you of the password you set, but have meaning only to you (in case someone else might get access to your email). You should never include your actual password as part of your hint.
Secure Meeting Place passwords can be reset, but because your keys are encrypted with your current password, reseting your password will cause
Access to each room must be re-activated by a current member of the room (because they have access to the room key when logged in). The password reset mechanism will notify the hosts of each room you are a member of.
If you need to request a password reset or have any questions or comments regarding Secure Meeting Place, please contact us at [email protected].