Password, passphrase

I agree about changing the naming. In the code it’s ‘locator’ and ‘password’. But not sure where to go with it!

https://github.com/maidsafe/safe_client_libs/blob/3e9d7f1f94990dce7c01ce8ab80aa8513bd66a1b/safe_authenticator/src/lib.rs#L112-L118

One acts as the encryption, the other acts as a locator. So you can change your password without losing your location (i.e. the root of your data structure) on the network. Even then, the password is not just that simple. Is it an id? Is it an encryptor? Is it this or that? It should probably be clearer.

I think both these terms would benefit from a change to reflect what they are and the consequences when choosing them. Password / passphrase / secret do not indicate ‘how do I choose this and what are the consequences’. One word to capture all this is not easy, but I feel the current words are misleading and hard to reason about. The normal ‘username + password’ is familiar, but I feel it is misleading.

I would normally advocate combining them for the sake of simplicity and using some sort of derivation scheme, but then we run into difficulties when users change passwords due to the way locator is designed.

This has been discussed a lot in the past. I couldn’t find exactly what I wanted, but this is a pretty good starting point: password and secret explained.

10 Likes
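
A simplified model of the trade-off raised in the post above, as an added example that is not part of the original post or of the safe_client_libs code: it assumes the locator alone fixes the network location and the password alone fixes the encryption key, which the post itself notes is simpler than the real scheme. All function names, the dict standing in for the network, and the XOR-plus-HMAC `seal` are constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # constructed value, kept low so the demo runs quickly

def kdf(secret: str, label: bytes) -> bytes:
    # Domain-separated derivation; the label stands in for a proper salt.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), label, ITERATIONS)

def split_scheme(locator: str, password: str):
    """Assumed model from the post: locator -> location, password -> key."""
    return kdf(locator, b"location"), kdf(password, b"key")

def combined_scheme(passphrase: str):
    """Hypothetical single-secret design: both values come from one input."""
    return kdf(passphrase, b"location"), kdf(passphrase, b"key")

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real AEAD (no nonce, demo only): XOR keystream + HMAC tag.
    stream = hashlib.shake_256(key).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return ct + hmac.new(key, ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("wrong key")
    stream = hashlib.shake_256(key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def change_password_split(network: dict, locator: str, old_pw: str, new_pw: str) -> bytes:
    # Re-encrypt in place: the location depends only on the locator.
    loc, old_key = split_scheme(locator, old_pw)
    _, new_key = split_scheme(locator, new_pw)
    network[loc] = seal(new_key, unseal(old_key, network[loc]))
    return loc

def change_passphrase_combined(network: dict, old: str, new: str):
    # The location moves with the secret, so the data has to be migrated.
    old_loc, old_key = combined_scheme(old)
    new_loc, new_key = combined_scheme(new)
    network[new_loc] = seal(new_key, unseal(old_key, network.pop(old_loc)))
    return old_loc, new_loc

if __name__ == "__main__":
    net = {}  # constructed stand-in for network storage
    loc, key = split_scheme("constructed locator", "old password")
    net[loc] = seal(key, b"root of data structure")
    print(change_password_split(net, "constructed locator", "old password", "new password") == loc)
```

In the split model the stored blob is re-encrypted at the same location, while in the combined model every password change also changes where the data lives.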