How to implement reset password for a password manager
To answer your question "So to clarify my question, are there any best practices for recovering data encrypted with a password if that password is lost?", the best practice is you don't recover encrypted data when you loose your password. Because the point of encryption is to not be able to decrypt without the password, being able to do otherwise will weaken your encryption scheme. So you must ensure not to loose the password in the first place, for example by writing it down and placing it into a safe.
For your question "a version encrypted with the users email + some random token generated when the user creates his account, but would this be safe?", the answer is no, that wouldn't be safe. Because you will have to save the token (and the email address or its hash), it's the same as saving the password in clear text.
If you need flexibility, don't encrypt data with a password. Encrypt your data with a randomly generated encryption key, then encrypt this key with a password and save the key in its encrypted form. You can then encrypt the key with other passwords and save it too, maybe elsewhere (in a vault). Keep in mind that the resulting strength of the encryption will be the one of the weakest password used.
This is essentially a followup to @MarkoVodopija's answer. The rationale behind password recovery for encryption is just to store the password or the key in a safe place, because only a backdoor or a major flaw in the encrytion software can allow to read the data without the key
Depending on what you accept as safe will lead to different solutions. Besides the ones proposed by Marko you have:
- write it on a paper and store it in a sealed enveloppe in a physical safe. It used to be a good practice for admin passwords, and it is a really bullet proof way... if you can trust all owners of the safe key.
- share it with someone you trust - and trust him/her to not forget it... But this is more appropriate for shared secrets, and if you think you can forget it, why could not the other person forget it too?
- in a corporate Microsoft network, it is common for the key used for encrypted folders to be encrypted once with the owner's private key and once with a network admin accessible key to allow the system admin to unlock the folders if the employee were to leave without first giving everythin to someone else - in case of an accident for example.
When you derive a key from user password, there is no simple way to have reset password functionality. Please see this and this for an example of a well known implementation and how a password reset is solved.
Many implementations have recovery key functionality in case master key is lost (or forgotten in your case). BitLocker is one example.
You might consider creating password reset key and send it to the user email upon registration. This can be compromised if user email is hacked though.
Other option is to have recovery key shared (using Shamir's Secret Sharing algorithm for example) between two or more users/administrators so in case of a reset, multiple parties are needed to reset the password for given user. Something similar is done in Vault.
I believe there is no any specific best practice just some well known implementations. It all depends on your design needs.