@Fadi Just wanted to point out the scenario you described here recently happened to me and at a great cost. Granted my master password wasn't as strong as it could've been but a hacker got remote access to my desktop PC and downloaded my Enpass master vault and then brute forced their way in. This gave them access to my cryptocurrency accounts. There are a lot things I could've and should've done differently but if there were a way to stop a hacker from importing a stolen vault (email 2FA?) it would've saved me ~$250K. I think I understand the solution @Thoughts? proposed but that would require decrypting the vault every time you want to access/update it on each device which isn't really convenient/feasible. Needless to say this isn't a concern for me any longer since I've lost everything but I will be keeping on eye on this thread for any possible future solutions out of interest.
