Alternatively you could use one bucket, a prefix per user, generate an access key per user and use a password based key derivation function to generate the encryption passphrase client side. This would still allow only the specific user access to their data without giving you as the Storj account owner any access.
You’d somehow have to deal with password changes though.
Alternatively you could randomly generate a passphrase locally and encrypt it using the users password client side. In that case you would just locally decrypt using the old password and then encrypt using the new one.