by tjansen 1686 days ago
> Now the attacker has your medical history, tax and bank statements, contracts, ... your whole life to pick and choose the ransom amount.

But can't the attacker get most of that even without your PDFs? If the attacker can get access to my computer, the attacker can directly log into my bank account, access my insurance contracts... there is no need to access the PDFs, you can get most of the stuff directly by logging into the right site (or intercepting the session while I am logging in).

2 comments

If an attacker has access to your computer, he should not be able to directly log into your bank account or insurance contracts. For me, both of those logins require the attacker to have access to my 1Password account AND somehow have access to my phone (2FA). Please rethink your strategy if an attacker having access to your computer equals having access to your digital life.
If the attacker is on your computer, he can access your bank account while you are logged in (and possibly after that, if he disabled the logoff). He just needs to copy your session cookies and use your computer as a proxy to use your IP address. 2FA doesn't really help in that scenario.

2FA 'only' prevents attackers from breaking in without having access to your computer, and you being logged in. If an action needs to be confirmed using 2FA (like a transfer of money), it can prevent this as well.

Well, the alternative would be to either not scan the documents at all and keep them in the basement as hardcopies or to scan them and protect them somehow (for example by keeping them on a device that is not connected to the Internet).
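
The distinction drawn in the thread between 2FA at login and 2FA on each action, modelled as an added example that is not part of any comment above. The `Bank` class, `approval_code` and every name in it are hypothetical; it assumes the phone holds a key enrolled with the bank and shows the payee and amount before producing a code.

```python
import hashlib
import hmac
import secrets

def approval_code(key, cid, payee, amount):
    # Computed on the phone after it shows payee and amount to the user.
    msg = f"{cid}|{payee}|{amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

class Bank:
    def __init__(self):
        self.sessions = {}     # session cookie -> user
        self.phone_keys = {}   # user -> key enrolled on the user's phone
        self.pending = {}      # challenge id -> (user, payee, amount)

    def login(self, user, second_factor_ok):
        # 2FA is checked once; afterwards the cookie alone is the credential.
        if not second_factor_ok:
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def view_statement(self, cookie):
        return cookie in self.sessions

    def start_transfer(self, cookie, payee, amount):
        user = self.sessions.get(cookie)
        if user is None:
            return None
        cid = secrets.token_hex(8)
        self.pending[cid] = (user, payee, amount)
        return cid

    def confirm_transfer(self, cookie, cid, code):
        user = self.sessions.get(cookie)
        entry = self.pending.pop(cid, None)   # one attempt per challenge
        if user is None or entry is None or entry[0] != user:
            return False
        expected = approval_code(self.phone_keys[user], cid, entry[1], entry[2])
        return hmac.compare_digest(expected, code)

def demo():
    bank, key = Bank(), secrets.token_bytes(32)   # constructed sample data
    bank.phone_keys["alice"] = key
    cookie = bank.login("alice", second_factor_ok=True)
    copied = cookie                      # a copied cookie is byte-identical
    reads = bank.view_statement(copied)  # no second factor is asked again
    cid = bank.start_transfer(cookie, "landlord", 900)
    code = approval_code(key, cid, "landlord", 900)
    approved = bank.confirm_transfer(cookie, cid, code)
    cid2 = bank.start_transfer(copied, "other-payee", 900)
    reused = bank.confirm_transfer(copied, cid2, code)  # code is bound to cid and details
    return reads, approved, reused
```

Read access follows the cookie, so the statements are exposed either way; only the transfer, which needs a fresh code tied to its own challenge, payee and amount, stays gated by the second device.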