The main problem is that you ask for a password to create the account, I would avoid that and simply use a login via email using a temporary token with a very long session.
When the nsec must be exported, just create a password with some random words to have a good entropy, ask the user to repeat/write it down, and send the email with the ncryptsec.
But I need a password on signup anyway in order to authenticate with the server. Having two passwords seems unnecessarily confusing. Otherwise I like the idea.
Why do you need one password to authenticate with the server? A token sent via email with a 10 minutes expiration is fine. The signup can require only the email and validate the account at the first login (step that usually is necessary anyway).
I was thinking to authenticate further sessions, but you're right, you could do the email login every time, that's fairly familiar.
And the average user has just one device, max two, and don't has any tool to aggressively clear cookies (= sessions), so the need to redo the login should be quite rare.
