I'm currently evaluating 1Password's defenses against attack vectors from Ransonware. I'll start off with a simple question;
What happens when my vault is sychronized/backed up to the cloud via Dropbox and a particularly nasty party somehow got to it via one of my mobile devices or a laptop or even a desktop and started encrypting my whole Dropbox without my knowledge? The 1Password keys are also encrypted and then "synchronized" to ALL my other devices that also use 1Password.
As you might be aware, Dropbox does not in itself offer 2FA during the authentication phase making it more likely for a potential attacker to focus upon.
Besides suggesting I implement a strong password for Dropbox (which I have), and not fully understanding how the 1Password secret keychains are stored in Dropbox, can you advise what happens in this particular scenario? It seems to me that the endpoint devices that synchronize with Dropbox becomes the weak point in the chain. Comments? Suggestions?
1Password Version: Current (but also applies to all)
Extension Version: Not Provided
OS Version: Windows, iOS, Android
Sync Type: Dropbox and iCloud