Normal people assume that if their account is compromised, the appropriate countermeasure is to change their password and get on with your life. Is Dropbox a tool for normal people or for people who geek out on device authentication?
So, in proposed scheme, they change the password and everything goes out of sync.
The proper and perfectly intuitive way is to not think what users'll assume. Just add a checkbox "also, unlink all my devices" on the very password change page.
