diff --git a/README.md b/README.md index cf941b7d..471a83e6 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,7 @@ go build -o pass-cli . go test ./... ``` -For testing guidelines, see [test/README.md](test/README.md). For Git workflow, see [docs/05-development/branch-workflow.md](docs/05-development/branch-workflow.md). +For testing guidelines, see [test/README.md](test/README.md). For Git workflow, see [docs/06-development/branch-workflow.md](docs/06-development/branch-workflow.md). ## FAQ @@ -248,7 +248,7 @@ For more questions and troubleshooting, see [docs/04-troubleshooting/faq.md](doc ## Contributing -Contributions are welcome! See [docs/05-development/branch-workflow.md](docs/05-development/branch-workflow.md) for Git workflow and contribution guidelines. +Contributions are welcome! See [docs/06-development/branch-workflow.md](docs/06-development/branch-workflow.md) for Git workflow and contribution guidelines. ## License diff --git a/docs/01-getting-started/quick-start.md b/docs/01-getting-started/quick-start.md index abe93fe4..c2977ecb 100644 --- a/docs/01-getting-started/quick-start.md +++ b/docs/01-getting-started/quick-start.md @@ -68,7 +68,7 @@ Store your master password in OS keychain for convenience? Benefits: ✓ No need to type password for every operation ✓ Secure OS-level storage - ✓ Can be disabled later with --no-keychain + ✓ Can be disabled later (see Keychain Setup guide) Enable keychain storage? (y/n): y 
@@ -159,19 +159,23 @@ pass-cli get github #### Skip Keychain Integration +To initialize a vault without storing the master password in the OS keychain, simply don't use the `--use-keychain` flag: + ```bash -pass-cli init --no-keychain +pass-cli init ``` -Creates a vault without storing the master password in OS keychain. You'll need to enter your password for each operation. +During the interactive setup, answer "n" when asked about keychain storage. You'll need to enter your password for each operation. + +#### Skip Audit Logging -#### Disable Audit Logging +Audit logging is disabled by default. To enable it during initialization, use: ```bash -pass-cli init --no-audit +pass-cli init --enable-audit ``` -Creates a vault without audit logging enabled (not recommended for production use). +If you omit this flag, your vault will be created without audit logging. ## Your First Credential diff --git a/docs/03-reference/command-reference.md b/docs/03-reference/command-reference.md index 7a0eaf6b..6e4f0aeb 100644 --- a/docs/03-reference/command-reference.md +++ b/docs/03-reference/command-reference.md @@ -1561,11 +1561,17 @@ secret-tool search service pass-cli secret-tool clear service pass-cli vault /old/path/vault.enc ``` -**Prevention**: When deleting or moving vaults, remove the keychain entry first: +**Prevention**: When deleting or moving vaults, remove the keychain entry first using your OS credential manager: + ```bash -# Before deleting vault -pass-cli change-password --no-keychain # Disables keychain -# OR manually remove from OS keychain +# Windows +cmdkey /delete:pass-cli + +# macOS +security delete-generic-password -s "pass-cli" -a "$USER" + +# Linux +secret-tool clear service pass-cli vault /old/path/vault.enc ``` #### What if first-run detection doesn't trigger? diff --git a/docs/04-troubleshooting/faq.md b/docs/04-troubleshooting/faq.md index 74b3ae67..66205af9 100644 --- a/docs/04-troubleshooting/faq.md +++ b/docs/04-troubleshooting/faq.md 
@@ -75,6 +75,29 @@ You'll be prompted to enter 6 words from your 24-word recovery phrase to verify --- +**Q: What happens if I forget my master password?** + +A: If your vault was initialized with BIP39 recovery (default since recent versions), you can recover: + +```bash +pass-cli change-password --recover +``` + +You'll need to: +1. Enter 6 random words from your 24-word recovery phrase (challenge-response) +2. Set a new master password +3. Vault will be re-encrypted with the new password + +**Important Notes**: +- Save your 24-word recovery phrase during initialization (write it down physically) +- Recovery phrases were introduced in recent versions. Older vaults don't have them. +- If you don't have a recovery phrase, the vault is unrecoverable without the password +- You can skip recovery generation with `pass-cli init --no-recovery` (not recommended) + +See [BIP39 Recovery Guide](../../specs/archive/003-bip39-mnemonic-based/quickstart.md) for detailed recovery instructions. + +--- + **Q: Is my data sent to the cloud?** A: No. Pass-CLI: diff --git a/docs/05-operations/health-checks.md b/docs/05-operations/health-checks.md index 338a1c5b..e2996c84 100644 --- a/docs/05-operations/health-checks.md +++ b/docs/05-operations/health-checks.md @@ -208,7 +208,7 @@ On Windows, ensure only your user account has read/write access. Recommendation: Fix configuration syntax or delete to use defaults ``` -**Solution**: Edit `~/.pass-cli/config.yaml` to fix syntax errors, or delete the file to regenerate defaults. +**Solution**: Edit `~/.pass-cli/config.yml` to fix syntax errors, or delete the file to regenerate defaults. #### Missing Configuration (Pass)
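Review bot: In docs/01-getting-started/quick-start.md, hunk @@ -68, the edited line sits inside what reads as the reproduced init prompt (it ends with "Enable keychain storage? (y/n): y"), so "Can be disabled later (see Keychain Setup guide)" is only accurate if the CLI prints that exact text. Either change the prompt string in the CLI in the same commit, or leave the sample output as the tool prints it and put the pointer in prose below the block, where "Keychain Setup guide" can be an actual link.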
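Review bot: In docs/01-getting-started/quick-start.md, hunk @@ -159, the new heading "Skip Audit Logging" is followed by the command that turns logging on (`pass-cli init --enable-audit`), so heading and body disagree; "Enable Audit Logging" would match the content. The removed text carried "not recommended for production use", and the replacement states that audit logging is disabled by default without any recommendation, so add one line saying when `--enable-audit` should be used. In the keychain section of the same hunk, the text says to omit `--use-keychain` and also to answer "n" at the prompt; state which of the two actually decides the outcome when `pass-cli init` runs without the flag.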
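Review bot: In docs/03-reference/command-reference.md, hunk @@ -1561, the three removal commands identify the keychain entry differently: the Linux line is scoped to a vault path (`vault /old/path/vault.enc`), while `cmdkey /delete:pass-cli` and `security delete-generic-password -s "pass-cli" -a "$USER"` name only the service and user. Confirm each matches the target, service and account names pass-cli writes on that OS, and if entries are per vault, say how to select the right one on Windows and macOS, since a command that matches nothing leaves the stored master password in place. The Linux line also repeats the `secret-tool clear` command shown in the context directly above the hunk, so a reference back to it would avoid the two copies drifting apart.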
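Review bot: In docs/04-troubleshooting/faq.md, hunk @@ -75, "default since recent versions" and "introduced in recent versions" give a reader no way to tell whether their vault has a recovery phrase; name the version. The same patch removes `--no-keychain` and `--no-audit` from other pages, so check `pass-cli change-password --recover` and `pass-cli init --no-recovery` against the current CLI before documenting them here. The "BIP39 Recovery Guide" link points into specs/archive/; a user-facing FAQ entry about an unrecoverable-vault scenario should link a maintained guide instead.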