I’m not sure if this is the correct place to ask this, so if there’s a better community please direct me to it.
I’m making a web app that I plan on hosting. Users will be able to create an account on the website. The only information about the user themself I store is email and an argon2 hash of the password. All the other information stored about a user’s account is specific to and only makes sense in the context of the app.
Now, while I only have one piece of PII, I’d prefer it to be zero. Ideally I’d replace the email with a username for the purpose of uniquely identifying users. However, there’s one problem: I want to be able to send an email to a user if they forget their password so they can reset it. I don’t know if there’s a way to do this without storing their email.
Is there a way to do the mentioned functionality without storing PII? Alternatively, is there another way of handling a user forgetting their password that doesn’t require them to remember anything and doesn’t need PII?