diff --git a/shared/protos/identity_auth.proto b/shared/protos/identity_auth.proto
--- a/shared/protos/identity_auth.proto
+++ b/shared/protos/identity_auth.proto
@@ -38,13 +38,19 @@
 // Called by user to update password and receive new access token
 rpc UpdateUserPasswordStart(UpdateUserPasswordStartRequest) returns
 (UpdateUserPasswordStartResponse) {}
+ rpc UpdateUserPasswordContinue(UpdateUserPasswordContinueRequest) returns
+ (UpdateUserPasswordContinueResponse) {}
 rpc UpdateUserPasswordFinish(UpdateUserPasswordFinishRequest) returns
 (identity.unauth.Empty) {}
 // Called by user to log out (clears device's keys and access token)
 rpc LogOutUser(identity.unauth.Empty) returns (identity.unauth.Empty) {}
 // Called by a user to delete their own account
- rpc DeleteUser(identity.unauth.Empty) returns (identity.unauth.Empty) {}
+ rpc DeletePasswordUserStart(DeletePasswordUserStartRequest) returns
+ (DeletePasswordUserStartResponse) {}
+ rpc DeletePasswordUserFinish(DeletePasswordUserFinishRequest) returns
+ (identity.unauth.Empty) {}
+ rpc DeleteWalletUser(identity.unauth.Empty) returns (identity.unauth.Empty) {}
 // Called by clients to get required keys for opening a connection
 // to a user's keyserver
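Review bot: `DeleteWalletUser` takes `identity.unauth.Empty`, so on the new side a wallet account is deleted with no proof beyond whatever already authenticates the call (presumably the access token), whereas a password account must now complete a fresh PAKE login through `DeletePasswordUserStart`/`DeletePasswordUserFinish`. A leaked token would then be enough to irreversibly delete a wallet user. Consider a dedicated request that carries a freshly signed wallet message, e.g. `rpc DeleteWalletUser(DeleteWalletUserRequest) returns (DeleteWalletUserResponse) {}`, which also leaves room to add fields later. The added RPCs have no leading comments of their own; `UpdateUserPasswordContinue` would benefit from `// Called after a successful old-password login to start registration of the new password`. The service block starts and ends outside the hunk.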
@@ -155,26 +161,59 @@
 // UpdateUserPassword
-// Request for updating a user, similar to registration but need a
-// access token to validate user before updating password
+// First user must log in with the old password
 message UpdateUserPasswordStartRequest {
- // Message sent to initiate PAKE registration (step 1)
- bytes opaque_registration_request = 1;
+ string username = 1;
+ // Message sent to initiate PAKE login
+ bytes opaque_login_request = 2;
+}
+
+// After successfully logging in with the old password, the user now
+// re-registers with the new password
+message UpdateUserPasswordContinueRequest {
+ // Identifier used to correlate requests in the same workflow
+ string session_id = 1;
+ bytes opaque_login_upload = 2;
+ // Message sent to initiate PAKE registration with new password
+ bytes opaque_registration_request = 3;
 }
-// Do a user registration, but overwrite the existing credentials
-// after validation of user
 message UpdateUserPasswordFinishRequest {
- // Identifier used to correlate start and finish request
+ // Identifier used to correlate requests in the same workflow
 string session_id = 1;
- // Opaque client registration upload (step 3)
 bytes opaque_registration_upload = 2;
 }
 message UpdateUserPasswordStartResponse {
- // Identifier used to correlate start request with finish request
+ // Identifier used to correlate requests in the same workflow
+ string session_id = 1;
+ bytes opaque_login_response = 2;
+}
+
+message UpdateUserPasswordContinueResponse {
+ bytes opaque_registration_response = 1;
+}
+
+// DeletePasswordUser
+
+// First user must log in
+message DeletePasswordUserStartRequest {
+ string username = 1;
+ // Message sent to initiate PAKE login
+ bytes opaque_login_request = 2;
+}
+
+// If login is successful, the user's account will be deleted
+message DeletePasswordUserFinishRequest {
+ // Identifier used to correlate requests in the same workflow
+ string session_id = 1;
+ bytes opaque_login_upload = 2;
+}
+
+message DeletePasswordUserStartResponse {
+ // Identifier used to correlate requests in the same workflow
 string session_id = 1;
- bytes opaque_registration_response = 2;
+ bytes opaque_login_response = 2;
 }
 // GetDeviceListForUser
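Review bot: `UpdateUserPasswordStartRequest` now uses field 1 for `string username` where it was `bytes opaque_registration_request`, and `UpdateUserPasswordStartResponse` field 2 changes from the registration response to `opaque_login_response`. Old and new are all length-delimited, so a peer built from the old schema will usually still decode the message and then feed PAKE registration bytes into the login step, or treat them as a username. If any deployed client or server still speaks the old flow, give the new fields fresh numbers and add `reserved 1;` and `reserved "opaque_registration_request";` to the request, and likewise for field 2 of the response. Separately, `username` is client-supplied on what appears to be an authenticated service, so its comment should state the server-side check, e.g. `// Must match the authenticated caller; the server rejects a mismatch`. The `session_id` comments should likewise say that the value is server-issued, single-use and bound to that caller.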