Comment by reschlukas10

1. Oh sorry, thanks for the clarification

2. How is the email address encrypted? Why would an attacker need a stored hash? In a database leak situation it's possible to get to the data with only a valid email-password combination or am I missing something ? There is no information from a registered device necessary for the decryption right ?