It should be fairly obvious that if the key is derived from a password, and all knowledge of that password in the universe disappears, the key, and thus any data, are unrecoverable.
So, if you want a "forgot password" kind of function, you'll need to preserve some knowledge of the users' passwords. Obviously, doing so will diminish the security of the users' data. First of all, if you (as the individual running such a service) maintain knowledge of the users' passwords, you maintain access to all their private data. Secondly, you must be keeping those passwords somewhere, which means they can be compromised.
If, after careful analysis, you're willing to degrade the security in favor of convenience, you'll want to do so carefully.
One scenario you might consider is to use asymmetric crypto to maintain an encrypted database of users' passwords. You would generate a strong key pair, and put the public key on your web server. Whenever a user created or changed a password, you would use the public key to encrypt that password. If the user needed to recover the password, your system would require human intervention on your side. You would need to fetch the encrypted password from storage into a safe environment, and decrypt it with the private key.
Ideally, you wouldn't keep the encrypted passwords on the web server. Instead, you would encrypt them on the web server and immediately write them to some other, hardened server configured to allow write-only access from the web server.
I suppose if you had such a setup, you could remove the need for a human to decrypt. This would further degrade security, and may or may not be acceptable. In this scenario you would keep the private key on that hardened server, along with some code that would use it to decrypt the "lost" password, and effect the password change on the web box. Of course, that's clearly not as secure as keeping the private key completely airgapped on a flash drive in a safe, or whatever.
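The split between the two sides of the escrow scheme described above, as an added example that is not part of the original answer. The function names are hypothetical, RSA-OAEP with SHA-256 is an assumed choice of primitive, and the key pair is generated inline only so the demo runs; in the scheme it is generated offline and the web server receives the public half only.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewDemoKey makes a throwaway 2048-bit key pair for this demo (assumption:
// in production the private key never exists on the web server).
func NewDemoKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EscrowPassword runs on the web server, which holds only the public key.
// The username is the OAEP label, so a blob copied onto another account's
// record will not decrypt. OAEP is randomized, so equal passwords produce
// different blobs. With RSA-2048 and SHA-256 the password is limited to 190 bytes.
func EscrowPassword(pub *rsa.PublicKey, user, password string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(password), []byte(user))
}

// RecoverPassword runs only in the safe environment that holds the private key.
func RecoverPassword(priv *rsa.PrivateKey, user string, blob []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob, []byte(user))
	if err != nil {
		return "", fmt.Errorf("recovery failed for %q: %w", user, err)
	}
	return string(pt), nil
}

func main() {
	priv, err := NewDemoKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample account and password.
	blob, err := EscrowPassword(&priv.PublicKey, "alice", "correct horse battery staple")
	if err != nil {
		panic(err)
	}
	pw, err := RecoverPassword(priv, "alice", blob)
	fmt.Println("recovered:", pw, "err:", err)
	_, err = RecoverPassword(priv, "mallory", blob)
	fmt.Println("wrong account:", err)
}
```

The web server side needs nothing beyond `EscrowPassword` and the public key, so a compromise of that host yields blobs it cannot open.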