[@Vovsoft] You say:
“Just to clarify: passwords are stored locally on your PC, not on our servers. The only time our servers see the password is during the password recovery process, when it’s sent to your registered email, and even then, we do not store the password or email.”
I would consider it a security risk to store the passphrase locally even if it is encoded and maybe encrypted as disassembling/decompiling your code is possible if anyone has the will to do so and can learn the code to decode stored passwords, much like they do with browser saved password recovery tools are reverse engineered even on non-open source browsers. I would suggest that in the reminder email with a copy of the original password in plain text, advise the end user to change the password once they are logged in to the program too since emails are in no way secure in transmission or storage locally or on the server.
Your help pages describe a different password creation wizard… you may want to update that as there is now no longer an input box method for recovery email as presumably you no longer offer password recovery service to non-registered users. We just get two password input box methods on the password creation wizard.
Also what happens if I press the Add drive button and select a 2TB drive does it move across all the drives contents it has the rights into a sub folder C:\VVSFTFLDRHD or a folder \VVSFTFLDRHD on the root of the drive just added? The uncertainty and undocumented nature of that button is just plain scary! Adding a drive to hide the data on the drive is inadvisable since unless we encrypt the data too there will just be hundreds of gigabytes of writes to storage media when locking and then later unlocking the drives… VERY undesirable for SSD drives and thermally stressful for electro-mechanical hard drives. If an entire drive needs to be hidden then the BEST solution is to do whole drive encryption with something like VERA-CRYPT and keep the drive encrypted all the time and use it encrypted.