It's not based on your IP. It's based on digging through your system attributes and files and other private data to generate a signature to upload home. It's spyware. It also does absolutely NOTHING to address the fact that it still shares the same point of failure that all previous mechanisms used still share: An external, third-party email service. In short, your account STILL has the same point of failure as before, and there's nothing you OR Cryptic can do about it. If there was no fallback method, then security would be limited only to a secret known only to you and Cryptic, and thus no third party could break the chain.
Email-based "recovery" is a blight on the face of Internet security.