I use icloud. I'm not concerned with anyone external outside of Apple accessing my files, as you are correct, that is already 2 factor. I have no idea, no clue, how Apple handles access to data internally, nor who is in charge, nor who could theoretically access files, nor if these people have ill intent. And I can never know this, nor can anyone outside of apple, and outside of the cloud security people. Every company, especially one as large as Apple, is a microcosm of society, so you can bet there are now thieves employed there. I don't know, nor can I ever find out, if any single person can access my files there, especially from someone who would be very happy with getting a copy of an enpass file, secretly. And although my password is long and unique, I really don't know how long a brute force attack could take. And as a person here said, keyloggers etc, and it being an apple computer I use, and the extreme sensitive nature of this file, just puts enough doubt there for me to prefer that a single password could access hundreds outside of my control. Like I said, the author of Keepass thought it enough of a concern to put the "keyfile" feature in, which IMO would suffice. In fact I would use keepass instead on my mac if there were a decent mac port. But I do like the enpass interface better actually, just this one point gives me slight pause with using it. I still maintain it would offer that much more protection, and the "keyfile" like feature doesn't seem like it would be super difficult to implement from a software standpoint.