I don’t have anything on my computer that I wouldn’t want my mother to see 
but I do have tax papers I would not want on the Internet. My hard drive is encrypted but where do you store things like important digital financial documents?
I keep copies of my drivers license, passport, vaccination card, and tax returns, etc in 1Password.
1 Like
I’ve been concerned about adding 7 years of “heavy” PDFs (the tax documents are complex and large) to 1Password for fear of “bogging” it down—is that an unfounded concern?
At the rate of basically one tax return per year, I think you’d be fine. I haven’t done enough testing to say for sure where the ‘line’ is for 1Password’s performance, and I wouldn’t put multiple GB in there, but for regular PDFs, even large ones, I think you’re probably fine.
ISTR that when 1Password started offering 1Password.com they ad a limit of 1GB per account but I don’t know if that is still the case and I have no idea if it had anything to do with performance.
You could also make an encrypted Disk Image (sparsebundle) and add to it every year. I do that with some files using DropDMG. You can do it for free in Disk Utility, but I found DropDMG worth its weight for making it easier for me and knowing that I’m doing it correctly.
Then I store the password for the DMG in 1Password.
1 Like
Interesting question, but I don’t think it works like that. These programs are opportunistic… I don’t imagine they do “Oh this program is already installed at X, I’ll give up.” But I’m not an expert.
I do know that I’ve never heard this course of action recommended to people, and if it did happen to catch on, malware developers would just adapt. So I think it’s probably not going to be a preventative measure.
In general, security controls that rely on consistent behaviour of malware or threat actors don’t work over the long (or even medium) term. They can be very useful during a specific incident to contain an outbreak though.
It’s still 1GB for individuals, 5GB per person for business. And they still don’t have a way for us to check how much we have available. That makes me think they may not be checking the accounts too close.
I’ve also seen Snapshots highlighted as a technique to allow recovery in the event of a ransomware attack. Even if the Snapshot is visible to the attacker they shouldn’t be able to change it. (Assuming there’s a separate admin account for managing the snapshots.)
I saw this in relation to a Synology NAS, pretty good tutorial about it here for anyone interested: PROTECT YOUR FILES - How to Protect your Synology NAS from Ransomware / Crypto ATTACK \\ 4K TUTORIAL - YouTube
3 Likes
Hear, hear!
Excellent advice and good reminders for sure. 
1 Like
@karlnyhus is right.
Malwarebytes doesn’t protect against ransomware and several other threats on macOS.
I’ve deleted my posts above. Apologies to the five people that clicked the link.
3 Likes
What about storing files on Box.
From the little I have read the attacker might not be able to get to files stored there.
Still looking into it so if anybody has any guidance please let me know