NaNaN

I think email accounts are fragile because you must make sure both the client and the server are secure.

If you use GPG public/secret keys, then you don't need email for password retrieving any more. (and no email spams about that)

1. For registrations, upload your public key and use your secret key to verify that you own the public key. 2. Retrieve your user password is simple, too. The server encrypt some text with your public key, then you use the secret key to decrypt and submit the original text to verify.

Nowadays, more and more people use password managers to generate strong passwords. Why not use GPG? Is any website using GPG for password retrieving?