toc
- Disclaimer
- Brief ASCII diagram of our overall setup
- Layer 01. Securing the physical
- Much ado about safe deposit boxes
- Home safes, a gap in the market, and a buried lede
- TL;DR
- Layer 02. Password and secret management
- Password manager of choice: KeePassXC (Windows, Mac, Linux)
- 2FA TOTP generator of choice: Aegis (Android)
- Phone-computer file sync of choice: Syncthing (Windows, Mac, Linux, Android)
- Backing up the crown jewels with tarsnap (Mac, Linux)
- Much ado about least-privilege keyfiles
- Hardware keys, 2FA, and TOTP, oh my
- ⏲️ The long slog: Actually fix things up
- Sign up for data breach monitoring
- Wait, what about recovery codes?
- TL;DR
- Layer 03. Backing up /home
- Before we begin: Enable full-disk encryption first‼️
- External local hard drive of choice: 🤷 no strong preferences
- General backup software of choice: restic (Windows, Mac, Linux)
- Remote backup software of choice: Backblaze B2 (cloud)
- Returning to the “Aegis in tarsnap or nah” question
- TL;DR
- Closing the loop
- Create your Horcrux
- TL;DR
- Baby’s first chaos engineering
- Postscript: How much does all of this cost?
- Postscript: Wargaming common scenarios
- My phone is lost or stolen
- My laptop is lost or stolen
- My phone AND my laptop are lost or stolen
- My house was vaporized by Pow!, the Wow! signal’s older brother
- I have woken up in a hospital bed with no idea who I am
- I have been reincarnated against my will and I want my 401k back
I like security! 🔒 Even though my personal data is about as interesting as turnip soup, I really enjoy thinking about things like “threat models” and “risk optimization”. I happened to have some time on my hands this summer, so I finally decided to put all my geeky security knowledge to use and perform my first-ever digital resiliency audit. To atone for my past security sins, and to hopefully avoid new ones. Doubtless I will continue to iterate and improve upon the tactics I discuss here in years to come, but for now I think this is a pretty good start!
“Digital resiliency” is a short way of saying, if shit hit the fan tomorrow, would I be able to get myself and my family back up and running with a sane minimum of operational hassle? In other words we’re primarily talking about backups and secrets. We explicitly won’t be talking about other good ideas for everyday privacy and anonymity, like e.g. running as much of your digital traffic behind a quality VPN (for what it’s worth, I like Mullvad, especially after discovering it runs out of RAM).
Digital resiliency sits at a saddle point between cybersecurity, regular security, disaster recovery, and business continuity. I publish this all here because I think this is a pretty good starting point for people who want to go from zero to one on this. If you want to go farther, especially more in the everyday privacy and anonymity direction, the Personal Security Checklist is a great next stop!
This post is quite long, so each layer has a TL;DR at the end describing briefly what I did, and what I recommend. I also made a mercifully short checklist that implements the basic setup we have here, if you’d rather try it yourself first.
Disclaimer
Important Disclaimer and Limitation of Liability. This document outlines an opinionated, personal approach to digital security and resiliency. It is provided by an individual acting in a personal capacity. By reading and using this information, you agree to the following terms:
No Professional Relationship. This guide is provided for informational and educational purposes only. Your use of this guide does not create a professional-client, fiduciary, or any other advisory relationship between you and the author. This is not a professional security audit or consultation service.
No Warranties. THIS GUIDE AND THE INFORMATION CONTAINED HEREIN ARE PROVIDED "AS IS" AND "WITH ALL FAULTS," WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY EXPRESSLY DISCLAIMED. The author does not warrant that the methods described will meet your requirements or that they will be error-free or completely secure.
Assumption of All Risk. You understand and acknowledge that implementing procedures related to cryptography, data backup, and secrets management involves substantial risk, including but not limited to permanent data loss, financial loss, equipment damage, and being irrevocably locked out of critical accounts. You voluntarily and expressly assume all risks associated with any action you take, or refrain from taking, based on the content of this guide.
Limitation of Liability. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DATA, LOSS OF PROFITS, OR BUSINESS INTERRUPTION) ARISING OUT OF YOUR USE OF, OR INABILITY TO USE, THE INFORMATION PROVIDED, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Not Professional Advice. The content herein is not, and shall not be construed as, professional cybersecurity, legal, or financial advice. You should consult with a qualified professional for advice tailored to your specific circumstances and jurisdiction.
Information Currency and Endorsements. The information is considered current as of its publication date in 2025 and will not be updated. Any mention of third-party products or services is not an endorsement, and the author has no material connection to the providers mentioned.
Your security is your responsibility. Proceed accordingly.
Brief ASCII diagram of our overall setup
+-------------------------------------------------------------------+
| PHYSICAL SECURITY (Safe, Safe Deposit Boxes, etc.)                |
| - Important documents (originals local, copies in deposits)       |
|     (likely to survive fire)                                      |
| - USB drives and backup hardware key/s                            |
|     (will NOT survive - offsites REQUIRED)                        |
| +---------------------------------------------------------------+ |
| | GENERAL DATA BACKUPS (/home)                                  | |
| | - 3-2-1 Restic backups (Local drive + Backblaze B2)           | |
| | +-----------------------------------------------------------+ | |
| | | ENCRYPTED SECRET STORES (The Digital Keys)                | | |
| | | - KeePassXC database (.kdbx)                              | | |
| | | - Aegis backup file (.json)                               | | |
| | | - Additional tarsnap backup                               | | |
| | | +-------------------------------------------------------+ | | |
| | | | *** THE CROWN JEWELS ***                              | | | |
| | | | (minimum secrets needed to rebuild from zero)         | | | |
| | | |                                                       | | | |
| | | | 1. KeePassXC master password (memorized)              | | | |
| | | | 2. Aegis master password (memorized)                  | | | |
| | | | 3. Tarsnap key file (on paper)                        | | | |
| | | |                                                       | | | |
| | | +-------------------------------------------------------+ | | |
| | +-----------------------------------------------------------+ | |
| +---------------------------------------------------------------+ |
+-------------------------------------------------------------------+
I’ve chosen to present this as ASCII for those who may be reading this in a text-only web browser, like Lynx. Since that makes this whole page just rich text, maybe someday I’ll finally get a proper Gemini mirror of this page too, but don’t count on it any time soon.
This diagram is a little confusing at first, but hopefully it will make perfect sense after you’ve read through the whole post.
Layer 01. Securing the physical
Ya can’t have digital security without physical security.
Or at least someone needs to have it. Part of what people pay for when they pay for cloud services is the ability to not have to handle scheduling for armed guards to surveil the giant datacenter where their VM is running. It’s a quiet triumph of the industry that we rarely ever even have to think about how much this cost factors into the upsell.
Things here in Finland are pretty safe as it is, of course. Homicide rates are 10-20% that of my motherland, the United States. In our current residence - old school betonilähiö, quiet part of town, nice auto-locking apartment door, strong concrete walls, not a gas stove in the whole complex - we’re pretty well protected against both crime and common accidents like fire.
When I was younger I used to think that managing these base rates was the most important lever you could pull, and that personal hedges like the ones we are about to spend (EDIT: 65, holy shit, really?) minutes discussing weren’t of much importance. I’ve somewhat moved away from that kind of thinking, but I won’t turn down a low base rate if it’s on the table. There is something admirable about any society where even people who take no precautions whatsoever still get home in one piece most of the time.
Much ado about safe deposit boxes
Still, you never know!
As a family of multinationals, we first opted to make copies of anything that seemed important to us and put those copies into a few safe deposit boxes across a few different countries. The idea here is to minimize regime uncertainty by maximizing the number of jurisdictions we could safely head to in the event of e.g. identity theft to begin the clawback process. (Did I mention that this is my hobby and that even boring people are allowed to have fun and pretend to be Jason Bourne when they want to?)
Let me be clear from the outset, those safe deposit boxes are the most expensive thing in this whole scheme. They are also ludicrously cheap for the peace of mind they can buy you as a multinational. Value is not cost! Nobody knows when or where the next geopolitical incident is going to kick off, not everything carries the same weight in digital simulacrum, and the last thing I want to worry about for me and my family if we have to flee an actual conflict is whether or not we will end up stateless in the next place because I didn’t dot my T’s and cross my I’s. If this is not part of your threat model, feel free to leave them out and make this whole system an order of magnitude cheaper. You can always ladle them back in later.
Also, before we continue, it behooves me to say that if you’re considering checking out a safe deposit box for yourself, you would do well to run your provider through the Safe Deposit Specialists’ Safe Deposit Report Card before you sign any contracts. A 30-question checklist approved by the undisputed safe deposit “GURU” himself, Dave McGuinn. God, I love capitalism.
What kinds of things should you put in your safe deposit boxes? High-quality copies of any or all of the following documents: Passports, visas, birth certificates, citizenships, naturalization certificates, national ID cards, permanent residency cards, driver’s licenses, social security cards, marriage certificates, divorce decrees, wills, testaments, any manner of trust and legal documents, power of attorney documents, adoption papers, deeds to property, vehicle titles, insurance policies, tax returns. The more, the merrier. Every addition makes a swift recovery from an unplanned international exit that much more likely to succeed. USB drives containing various slow-moving key files, printed out recovery codes (if you choose to keep such), and backup hardware keys (if you choose to use them) are also all good options, and we will discuss them at length later.
Things you should probably not put in a safe deposit box: Actual cash, actual valuables. Genuine safe deposit heists seem to be vanishingly rare operations these days. Most of the tail risk you likely face comes from the bank’s own operations. You’d think stealing a necklace or collection of rare watches you started in midcentury Poland would be an immediate and severe career-ending move for a bank employee, but the banks control the cameras, and the boxes are not insured for as much as you think. Contrariwise, swiping a fat, opaque envelope for some artisanal small-brew identity theft would be taken much more seriously, as the bank’s employees would all be prime suspects due to their training in e.g. confidentiality and KYC requirements.
But we can do better. Put the documents into a second, smaller, locked box inside the deposit box. Even if e.g. you miss rent for a few years and the bank drills the deposit box itself open to empty it, getting permission to open a second locked container inside the box is a whole different story. The most ridiculous way you could do this is to store a full set of keys for the safe deposit boxes at home, and then store in each safe deposit box copies of the keys for every box except that one. That is to say, Deposit Box A has loose keys for B and C only, Box B for A and C, Box C for A and B, and the home safe for A, B, and C alike. Bring the home keys with you each time you visit. In a pinch, since you do own this smaller box, you could always just saw the lock itself off without issue.
(Hey, do you remember that thing I said earlier about managing base rates? It turns out that when you’re modelling threat risks from small groups of people, your own personal actions can have much more sway over the rates of good or bad things happening. The background rates you inherit from society at large are less easily perturbed by this. This isn’t that surprising by itself; people have habits, and you can observe those habits and work with them, that’s true pretty much always. What’s a real mindfuck to think about is that, sometimes, the difference comes down to the fact that you can reliably assume that evil maids, bank employees, bank heist experts, etc. are fundamentally capable people who can quickly ballpark risk-reward ratios and shy away from things with abysmal ones. Yes, I’m saying the 5 people in your country who can successfully steal a safe deposit box undetected are probably really talented people, and in another life probably would have become successful C-suite executives or False Claims Act bounty hunters or something, sue me. Less capable foes under pressure are much more likely to just start causing havoc at random, consequences be damned, even if that runs directly counter to their stated long term goals. As you get better at things like this, you might find that such wanton brutes begin to swamp your actual tail risk calculations. Anyway.)
To abate the far more likely case of simple clerical error, I place a piece of paper inside each safe deposit box upon rental stating e.g. “This is deposit box #123, of So-and-So Bank, first rented by Andrew Quinn on 2025-12-25, if this is misplaced please call 1234567890 immediately or email andrew@example.com.” The idea here is less to get an actual notification than to quietly assist at a distance a frazzled junior bank employee moving things around, realizing this is supposed to be box #123 in BIG LETTERS, but it’s actually in box #132, and quietly rectifying the mistake without my knowledge.
You will learn many times reading this document, by the way, that on a cost per archival-year basis, modern, ordinary, acid-free copy paper is bewilderingly cost-effective for small, sensitive data compared to almost everything else. Call it on the order of one tenth of a cent per letter/A4 page per year, printer ink not included. (Friends don’t let friends buy inkjet printers. Get yourself a cheap black and white laser printer instead and feel the manacles binding thy wrists rust away.)
Let me not overstate the odds of anything actually happening to any given safe deposit box, though. In a given year, it’s probably south of 1 in 10,000. With our common sense protocols above, this probably dips to 1 in 100,000. The risk of actual attempted identity theft is a couple of orders of magnitude lower still. Identity thieves have much cheaper ways to get dirt on potential victims at scale thanks to the Internet.
Home safes, a gap in the market, and a buried lede
How about the originals? There are a lot of documents that (a) everyone has, or should have, and (b) under no circumstances should be locked in a box hundreds or thousands of miles away from your bodacious excellency. Like, uh, your passports.
For those, you want a safe! A regular old fireproof safe, bolted to the floor of your home. As hinted, your two biggest threats are the frequently overestimated theft, and the frequently underestimated fire. You want to make it prohibitively annoying for a thief to actually get in there without being caught, and you want to make it durable enough that an ordinary housefire can’t destroy the contents until it is put out. (Counterintuitively, you also want a safe with some waterproofing too, because… guess what we usually put out fires with.)
For our purposes I consider the “Oh shit they have an actual safe bolted to the floor” moment to be sufficient burglar deterrence. A safe that can’t be wheeled out on a dolly is a safe the vast majority of even well-organized heists aren’t going to mess with. Anyone wailing on that thing with a crowbar for 15 minutes in my quiet apartment block is going to draw suspicion very, very quickly. So I’m going to focus on fire. Scan your local conditions before you decide.
For fireproofing, look for an Underwriters Laboratories class rating like “UL Class 350 1-hour”. All this means is that, in a fire of up to 1700 degrees Fahrenheit/920 degrees Celsius, the interior of a room-temperature safe will not exceed 350 F/175 C for at least 1 hour. Say it with me, what temperature do books burn at? Fahrenheit 451! I have no good advice about what to do against malicious arson, as the accelerants arsonists use can easily push a housefire far above their 1550 F/845 C peak. Seek paid consultation if this is part of your threat model.
UL Class 350 is generally fantastic for paper. It’s … not the best for electronics like USB drives. Those tend to require UL Class 125 to stay in working order, which is a much, much harder engineering problem. I couldn’t find anything below $500 or so that claims UL Class 125, and even that took a lot of digging.
At this point, dear reader, you might think “Hold on, nothing in thermodynamics says we can’t just put a tiny, ultra-protected box inside of a bigger safe that can maintain 125 F/50 C. In fact, if the surrounding air won’t go above 350 F/175 C for at least an hour, that should be easier than protecting against the flames themselves. The inside/outside delta is much lower.” I agree this seems straightforward, especially in the age of modern phase-change materials. The actual primary challenge I foresee is humidity - 80% humidity or lower also needs to be maintained within the minisafe to protect electronics, but often consumer-grade UL Class 350 safes cut costs by releasing water trapped inside of e.g. gypsum (CaSO4·2H2O) or similar in the event of a fire, instead of trying to rawdog the thermal energy entirely within the walls themselves. Let me emphasize that this is a phenomenal way of absorbing heat without raising the temperature, and it even helps keep flames out by pressurizing the inside of the safe, but it also makes it very easy to completely saturate such a small space. I couldn’t find anyone even attempting to build this kind of product, so if anyone wants to join me in a lean $5-10M market cap market opportunity for the price of an Autodesk license, let me know.
Ultimately, that’s alright. Trying to protect onsite copies from tragedy is a fool’s errand anyway. We’re all engineers here; we know by now that it’s usually easier to buy system resiliency by doubling up on cheap 99% available components than by purchasing one 99.99% component for a 10x markup. The data we will later on want to keep (a) fully offline and (b) in working order is tiny enough that we can just print it out, meaning UL Class 350 is hunky dory for us. Hardware keys are cheap enough in the 2025 market and useless enough without additional context that just keeping a spare at grandma’s house (or one per safe deposit box) is more than enough.
Is that it? Well… There is one other option. It’s silly enough that I just have to mention it: Literal buried treasure. My frustrations at not being able to find consumer-priced UL Class 125 fireproofed containers eventually led me to remember, via Finland’s mandatory underground bunkers (which turn out to be … cool hangout spots), that once you dig down about 10 meters/11 yards or so, the earth tends to stay within a very narrow band of temperatures, despite the enormous amounts of solar radiation being absorbed during the day. More importantly, earth is a terrific and inexpensive insulator. Even the most severe of house fires, raging directly above a capsule buried a foot or so down, is unlikely to raise the inner temperature to 125 F/50 C and destroy the electronics within. When I went hunting for underground safes, I happened across the delightful DirtyMan Safe which works on this exact principle. Caveat emptor more than usual, as this is not the kind of thing that I think could be given a UL rating even in theory, but the physics makes sense to me, and it appears moisture-controlled as well. I would toss in some silica gel packets to be safe in case the plastic breaks.
TL;DR
- Get a fireproof, bolt-down-able safe. UL Class 350 1 hour or better to protect paper.
- Put originals of any important documents into that safe.
- Do not trust your safe to protect electronics.
- Our plan works around this with paper.
- Consider: Store copies of everything in a safe deposit box off-site.
- Place all such into a smaller, locked container inside the deposit box.
- Place a piece of paper establishing provenance within, with the correct deposit box number in BIG NUMBERS.
- Consider, if you’re James Bond: Multiple safe deposit boxes, under different (reliable) legal jurisdictions.
- Consider, if you’re a pirate: Below-ground and buried safes.
Layer 02. Password and secret management
Now for the good stuff.
To my mind, good secret management seems to be the most important thing you can do when it comes to digital resiliency. I invite any actual security professionals to weigh in if they disagree. If you can’t access your password manager, or your TOTP authentication codes, or your hardware keys (you are using multiple hardware keys and not that single YubiKey your boss gave you seven years ago, right anon?) you are dead in the water. I consider this even more important than a good generalized backup strategy, given how much of our lives are inherently online these days, although generalized backups are a close second.
Hence we’re going to dedicate a tiny, extra-special additional layer of backups, just for this. My guiding principles are to make things as cloud-agnostic and proprietary-agnostic as possible, not because I hate good engineers making an honest buck, but because some of these things may need to literally survive for my whole life, and there is a nonzero chance that you and I will outlive any given tech company.
Password manager of choice: KeePassXC (Windows, Mac, Linux)
I have run the gamut of password managers over my life, ever since I discovered the original KeePass back in high school. After a few halcyon years with cloud-based options like Bitwarden, I ultimately decided that leaving such secure data in the hands of any cloud-based solution, even one which pinky promises encryption at rest, is, for someone who already has as much sysadmin experience as yours truly, asking for trouble on the margin. Especially after leafing through KeePassXC’s security audit from a few years ago, I felt satisfied that my data would be secure within its database format, provided that I myself practice proper password and keyfile hygiene. (Huge thanks to Zaur Molotnikov for doing this audit gratis!)
A distant second reason I like KeePassXC is that it is natively cross-platform. While I spend my personal days on various Unices, I often work within a Windows or Mac environment professionally. Not having to learn how to use different password managers is a nice plus. Not having to set up brand new accounts to firewall my professional and personal credentials is a really nice plus.
That last part bears repeating. If you are doing stuff at a workplace where you need to use a password manager, please, please use a wholly separate KeePassXC database file and set of credentials, logins, etc. for that work. At a minimum it makes on- and offboarding easier. In a bad situation it might literally limit your liability and the amount of data you have to fork over to some investigator. In any situation it is the professional thing to do.
2FA TOTP generator of choice: Aegis (Android)
TOTP stands for Time-based One Time Password. These are tiny passwords, usually 6 digits long, that look more like PIN codes, and which refresh every 30 seconds. They’re great! Almost as good as hardware keys in the 2025 meta, and a heck of a lot more common.
KeePassXC actually can generate TOTPs by itself, which is cool. However, to me this somewhat defeats part of the purpose of multi-factor authentication. It’s certainly possible that someone gets ahold of my password to some site, but not my KeePassXC database itself, and then I’m safe. But I would sleep better at night knowing that even if they had the whole database, they would still be missing something critical for actually using those creds. Yes, I could put my TOTP keys in an entirely separate KeePass database as well, but then I have to constantly juggle two different open databases, which comes with its own UI/UX hassles. The good news is TOTPs tend to be short enough that it’s not really any issue at all to just type them in after reading them off of a phone - so, dedicated phone app it is!
There are plenty of high quality TOTP apps on the market today. For much the same reasons that I landed on KeePassXC (local-only, open source, simple), I like Aegis Authenticator. The killer feature for me, beyond being cloudless (should we call this “sunny software”?), is that Aegis can export file-based, encrypted TOTP backups, which of course I backup off device. I have noticed corporate lockin over authenticator apps to be much more aggressive than over ordinary password management, and I don’t want Google or Microsoft to have the final say over whether I can get access to my TOTPs - that would be almost as bad, under my security model, as handing over my password database itself.
Phone-computer file sync of choice: Syncthing (Windows, Mac, Linux, Android)
A necessary evil. I don’t have much to say about Syncthing: it’s very private, it runs totally locally, only when both machines are on, and it’s just excellent software all around. Hats off to the team!
It works so seamlessly in fact that I entirely forgot that I had it running in the first draft of this post. I run it to sync Aegis backup files from my phone to my computer, and to keep my KeePassXC database up to date on both devices (Android has an excellent companion app to KeePassXC, called KeePassDX, that lets you use password databases on mobile).
The big thing with Syncthing is that you have to ensure it runs on startup on your devices. Otherwise you run the risk of forgetting its existence for a few days/weeks/months/years, and then suddenly half of your credentials on one device or another are out of date. If you have a spare Raspberry Pi server lying around, you could add that as a third Syncthing node to help guarantee that every device will have the latest copies, even if they are only on intermittently.
⚠️ Syncthing syncs instantaneously, and if a file gets corrupted, it will sync the corrupted version. This isn’t a big deal to us because we are big boys and will soon be able to restore anything we are likely to need at the drop of a hat, but it’s definitely worth calling out ahead of time.
Backing up the crown jewels with tarsnap (Mac, Linux)
N.B.: tarsnap runs on “UNIX-like operating systems (BSD, Linux, macOS, Cygwin, etc).” Windows is not a Unix-like operating system. From what I’ve heard, it’s straightforward to get `tarsnap` and a scheduler like `cron` running on Windows Subsystem for Linux these days. The real challenge is getting WSL itself to start up on startup with e.g. Windows Task Scheduler. Let me know if this is a problem you’d like to see solved in the world.
If you agree with my claim that your password database is basically the most important single file you have, then it behooves you to take more caution than usual to ensure you can get it, or a very recent backup of it, at a moment’s notice. I consider `tarsnap`, by Hacker News immortal and actual math genius Dr. Colin Percival, to be the gold standard for backing up tiny, mission-critical files like this, for more reasons than one.
(Should you store your Aegis backups in `tarsnap`, too? It’s not a bad idea, and only minimally compromises on security for a potentially quite large gain in reaction time to a sudden event. Our more general backup solution can handle this either way later. I won’t take a hard stance either way.)
The `tarsnap` command-line client itself is a joy to use for veteran Unix hands like myself, because it’s based off of the venerable Unix `tar`. The data deduplication is genius but unfortunately of less help to us: any change to the KeePassXC database file, which is itself encrypted, changes the whole file and in effect requires a full fresh upload. Given that this file is 1-300 kB at the absolute most, that’s not exactly a ship sinker. If you don’t change the file, the deduplication will barely sip any data at all for a fresh new backup, only about 600 bytes per backup as far as I can tell. That’s a much more important property for cost-controlling slow-changing data we nevertheless want backed up expediently.
Even nicer: `tarsnap` is prepaid! You load up your `tarsnap` account with some predetermined amount of money, say $20, and coast off of that for however long the cash lasts. You do get a few emails when it starts to run low, but if you do nothing, the data will be deleted without your awareness - which is actually what we would want in a security-conscious setting. Not that I expect to ever receive such an email; at my current burn rate, if I were to turn off backups today, my current funds should last for another 40 years. Not too shabby.
At those timescales, one might reasonably wonder whether the business will continue to run at that point. There isn’t exactly a lot of lock-in with `tarsnap`, but I’d love to see this private utility continue indefinitely, that’s how pleasing it is to work with. I imagine Dr. Percival has his own well-tempered business continuity plan for any eventuality. I wouldn’t be entirely surprised if his secret master plan is to eventually open source everything, server side code and all, so that an algal bloom of commodified Tarsnap-like backup providers can take the wheel and ferry us all into the glorious ultra-secure future.
But I wouldn’t hold it against him at all if he just sells the business for a very tidy profit. It’s a great business. We need to be willing to pay very smart people to do very smart things on our behalf.
Much ado about least-privilege keyfiles
A `tarsnap` key file looks like this:
# START OF TARSNAP KEY FILE
UEaNZfz0p0d3et25EcnUJjmPF/6Jd7n34jOcnK3DUVp6Q/ypFL6HOts8AI0u0cGkSVE/avCgtfor
[... a bunch more lines like that]
9oO42J++btnGYKF58zN6nMdsanwD/I/gUKFWW3rHtqVVscDelVsfgI37BvWKchL24rXXz39+OW==
# END OF TARSNAP KEY FILE
Someone who breaks into your computer with the default Tarsnap key file in the default place might be smart enough to find out that you’re using Tarsnap. (Or, because we are dealing with intelligent agents, they might run a script which mechanically checks for the existence of a `tarsnap` binary, then does this.) If found, they may run something like `tarsnap --list-archives | xargs -n 1 tarsnap -d -f`, and then your backups are gone forever. Oh no. Then they can hold the last remaining copy of your KeePassXC database that they know of, which is actually on the compromised laptop, for ransom, and charge you $100,000 to get it back, even if they can’t open it themselves. Oh no!
Not to worry! tarsnap lets you generate restricted key files that don’t let you do things like e.g. delete archives, but do let you do things like e.g. write new ones or list which ones you already have (yes, listing is a separate ability with its own security concerns). If this is your first time ever working with tarsnap, you should probably run the system with the default key it generates for a few days before you look into this, just to get familiar with it. After that I’d recommend splitting the permissions up a bit. (If chaining users and services up like this in intricate ways is your passion, the technical term you want to search for is role-based access control, and some companies will pay you big money to shibari them like this.)
Ideally, your “daily driver” laptop should have a key that can only, and exclusively, write new archives - that way, if it’s compromised, the worst an attacker can do is start writing garbage, which you can just ignore. (I guess theoretically they could try to write so much garbage data to tarsnap’s own servers that Dr. Percival is forced to turn off your account, but I would be surprised if this worked.)
For actually restoring previous archives, you can generate a “read and list archives only” key. Keeping this key physically separate from your daily driver is a best practice in itself, but we have other reasons we want this, which will become clear later. Given the criticality of this part of our stack in particular, and our fireproofing woes from before, I would recommend printing this code out on paper and actually storing that in your safe and safety deposit boxes. You–
–brother, did you actually just tell me to print my private key? Like, with an actual printer?
Indeed I did, soul sister. So long as you store the backup securely, there’s nothing wrong with it. The website itself lists it as an option for this:
There are many ways to keep it safe:
- Copy it to a different system.
- Put it on a USB disk.
- Give it to a friend.
- Print it out (it is printable text).
- Store it in a bank vault.
Two points for guessing where I’m telling you to put it next. 😼 It isn’t of much help to anyone who can’t unlock the KeePassXC database anyway. Strip the `# START OF` and `# END OF` lines from the keyfile for some extra obfuscation.
Recommendations on how to print secrets
A surprising amount of cool people online have thought about paper backups, probably motivated by their own observations that electronic media is as a mayfly compared to the mighty lignin molecule. The good news is that Tarsnap key files are only a couple of kilobytes, and therefore easy to print on a single sheet of paper no matter how we want to do it - raw text, error-checking QR codes, whatever!
But OCR is error-prone, and manually typing things in is tedious. Therefore I recommend you print the keyfile in at least three different formats:
- Plain text as a failsafe. Apparently the fonts OCR-A and OCR-B have existed since the 1960s specifically for the purpose of maximally readable Optical Character Recognition, but they can be hard to source, and here in 2025 the OCR meta has changed significantly and you can probably get good results using any common monospaced font here.
- za3k’s qr-backup PDF generator. Tried and true, quite popular.
- whitequark’s ISO/IEC 16022:2006 Data Matrix Python implementation. Always good to build against an actual standard, just in case.
(N.B.: whitequark claims QR codes can’t handle lower case letters. I tested this against za3k’s qr-backup with the string `AaA`, however, and found it recovered the lower case letters just fine.)
In all cases, write out a checksum or two with whatever hash algorithms you prefer so you can verify that the keyfile you restored is actually the keyfile you backed up. Stick a copy of each form in every safe, safe deposit box, dead drop etc. you have going on. For maximum security, this should probably be a read-list Tarsnap key only, not a full one with delete privileges, but realistically you’re almost certainly fine.
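A small helper for the checksum step, added here as an example (it is not code from the post or from Tarsnap): it strips the marker lines, prints every body line with a short per-line check value so a misread line can be located on restore, and verifies the reassembled key against a whole-body SHA-256. The sample key body is constructed and is not a real key.

```python
import hashlib
import re

START = "# START OF TARSNAP KEY FILE"
END = "# END OF TARSNAP KEY FILE"

# Constructed stand-in for a key file. The body lines are made-up base64;
# this is NOT a real Tarsnap key.
SAMPLE_KEYFILE = "\n".join([
    START,
    "dGhpcyBpcyBjb25zdHJ1Y3RlZCBzYW1wbGUgZGF0YSwgbGluZSBvbmUgb2YgdGhyZWU=",
    "dGhpcyBpcyBjb25zdHJ1Y3RlZCBzYW1wbGUgZGF0YSwgbGluZSB0d28gb2YgdGhyZWU=",
    "dGhpcyBpcyBjb25zdHJ1Y3RlZCBzYW1wbGUgZGF0YSwgbGluZSB0aHJlZSBvZiB0aHJlZQ==",
    END,
    "",
])


def body_lines(keyfile_text: str) -> list[str]:
    """The key body with the START/END marker lines and blanks removed."""
    return [ln.strip() for ln in keyfile_text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def line_check(line: str) -> str:
    """Per-line check value: first 4 hex digits of SHA-256 (16 bits, plenty
    to catch an OCR misread or a typo on that one line)."""
    return hashlib.sha256(line.encode("ascii")).hexdigest()[:4]


def body_digest(lines: list[str]) -> str:
    """Whole-body SHA-256 over the body lines joined by newlines, so it does
    not depend on whether the marker lines were stripped before printing."""
    return hashlib.sha256("\n".join(lines).encode("ascii")).hexdigest()


def render_printable(keyfile_text: str) -> str:
    """What goes on paper: 'NN <line> <check>' per body line, then the digest."""
    lines = body_lines(keyfile_text)
    out = [f"{i:02d} {ln} {line_check(ln)}" for i, ln in enumerate(lines, 1)]
    out.append(f"SHA256 {body_digest(lines)}")
    return "\n".join(out) + "\n"


PRINTED_LINE = re.compile(r"^(\d{2}) (\S+) ([0-9a-f]{4})$")


def verify_restored(printed_text: str) -> tuple[bool, list[int], list[str]]:
    """Check text typed or OCR'd back in from the paper copy.

    Returns (ok, bad_line_numbers, body_lines). Each line whose check value no
    longer matches is reported by its printed number, so only that line has to
    be re-read; ok is True only when every line checks and the digest matches."""
    bad, lines, expected = [], [], None
    for raw in printed_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if raw.startswith("SHA256 "):
            expected = raw.split(" ", 1)[1]
            continue
        m = PRINTED_LINE.match(raw)
        if not m:                      # unparseable row: treat as a bad line
            lines.append("")
            bad.append(len(lines))
            continue
        num, ln, chk = int(m.group(1)), m.group(2), m.group(3)
        lines.append(ln)
        if line_check(ln) != chk:
            bad.append(num)
    ok = not bad and expected is not None and body_digest(lines) == expected
    return ok, bad, lines


def reassemble(lines: list[str]) -> str:
    """Rebuild a key file in the form tarsnap expects: markers around the body."""
    return "\n".join([START, *lines, END]) + "\n"


def simulate_misread(printed_text: str, line_no: int) -> str:
    """Constructed failure case: flip one character on one printed line, like an
    OCR confusion between 'l' and '1', to show the per-line check catching it."""
    rows = printed_text.splitlines()
    num, ln, chk = rows[line_no - 1].split(" ")
    ln = ln[:5] + ("1" if ln[5] != "1" else "l") + ln[6:]
    rows[line_no - 1] = f"{num} {ln} {chk}"
    return "\n".join(rows) + "\n"


if __name__ == "__main__":
    paper = render_printable(SAMPLE_KEYFILE)
    print(paper)
    print(verify_restored(paper)[:2])                       # (True, [])
    print(verify_restored(simulate_misread(paper, 2))[:2])  # (False, [2])
```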
Reminder: This is all a LARP and for our personal usage. This system is very intentionally built around the assumption that we do not need to deliver the pizza in 30 minutes or less. If we are genuinely in such dire straits that we actually have to bust out the lignin, we expect to have the grace of a couple hours to actually get ZXing, a QR reader, etc. set up to restore our key.
Hey, wait, what about the original Tarsnap master key?
If you truly want to make your backups bulletproof, you can delete it outright after you have your restricted keys set up. Then the only way any backups ever get deleted is when the account itself runs out of money. The downside is that cost will only ever get eaten up faster and faster, as tiny amounts of immutable mostly-deduped backups accumulate, and so it might run out faster than you think. (But still probably not that fast - if you want to get a baseline reading, run `tarsnap --print-stats` and put the lower right number, for `Total size` / `(unique data)`, into this nifty Tarsnap calculator I just made to see how long it will last for.)
Your call. I’m going to proceed assuming you put copies of the read-list Tarsnap key in your safes, safe deposit boxes, and not your master one which lets you write and delete as well.
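My own back-of-the-envelope version of such a calculator, added as an example (it is not the post’s calculator): it walks the balance forward month by month, since with no delete key the stored data only ever grows. It assumes Tarsnap’s published rate of 250 picodollars per byte-month stored and 250 picodollars per byte uploaded; check the current price list before relying on the numbers.

```python
PICODOLLAR = 1e-12
STORAGE_RATE = 250 * PICODOLLAR    # $ per byte-month of stored (unique) data; assumed rate
BANDWIDTH_RATE = 250 * PICODOLLAR  # $ per byte uploaded to Tarsnap; assumed rate
MIB = 1024 ** 2
GIB = 1024 ** 3


def monthly_cost(stored_bytes: float, uploaded_bytes: float) -> float:
    """Dollars charged in one month: storage for everything kept so far plus
    bandwidth for whatever was uploaded during that month."""
    return stored_bytes * STORAGE_RATE + uploaded_bytes * BANDWIDTH_RATE


def months_until_empty(balance: float, unique_bytes: float,
                       new_unique_bytes_per_month: float,
                       max_months: int = 1200) -> int:
    """Simulate the account month by month.

    unique_bytes is the "(unique data)" figure from `tarsnap --print-stats`;
    new_unique_bytes_per_month is how much genuinely new (post-dedup) data the
    hourly archives add. Without a delete key that data is never reclaimed, so
    the storage charge grows every month. Returns the number of whole months
    the balance covers, capped at max_months (100 years by default)."""
    stored = unique_bytes
    months = 0
    while months < max_months:
        cost = monthly_cost(stored, new_unique_bytes_per_month)
        if cost > balance:
            break
        balance -= cost
        stored += new_unique_bytes_per_month
        months += 1
    return months


def years_remaining(balance: float, unique_bytes: float,
                    new_unique_bytes_per_month: float) -> float:
    """Same thing in years, for the 'until you retire' question."""
    return months_until_empty(balance, unique_bytes, new_unique_bytes_per_month) / 12


if __name__ == "__main__":
    # Constructed case: a KeePassXC database of a few MiB, adding 0.5 MiB of
    # new unique data every month, prepaid with $20.
    print(years_remaining(20.0, 5 * MIB, 0.5 * MIB))   # 45.17 years
```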
cron vs. systemd: why not both?
You’ve got Tarsnap archiving your KeePassXC database. Maybe you even split your permissions up. Now it’s time to make it run regularly, because a manually triggered backup is no backup at all. I recommend hourly, because realistically you’re just not backing up that much data, and God’s favorite time to force a total system restore is 61 minutes after you just made a new account.
I am a fan of cron. cron is simple. cron is beyond battle-tested. If you get good with cron, you would be surprised how many things become easier when you have a tiny always-on box sipping 50 cents of electricity a year in exchange for mastery of time.
I also like systemd, and to be honest that’s usually what I reach for, mostly because I prefer how it logs and centralizes things. When it comes to this tarsnap backup, I stick with cron to hedge against the possibility that there is some bug in systemd itself, or - more likely - how I myself have set up systemd. My generalized backup runs off of systemd, which hedges against the much less likely other direction. If you ever solved a math problem with two different approaches in high school or college just to make sure you arrive at the same answer both ways, you’ll understand the thinking here.
Hardware keys, 2FA, and TOTP, oh my
After I got my password manager set up and backing up the way I wanted to, next came the biggest slog of the whole audit: Going through each and every one of my accounts, and ensuring they had properly rotated passwords and 2FA turned on where possible. There’s no way around this, unfortunately, although the NIST now recommends that, provided you have a good password already (you are generating long, random passwords with your password manager, right anon?) and solid multi-factor authentication in place, you don’t have to rotate your passwords on a regular basis. That doesn’t help us for the first go-around, of course.
Wherever possible, I also used hardware keys. I’ll come right out and say it: I love hardware keys! I love hardware key-based passkeys too. Cryptographically they hold the promise of unhackable SSH keys, but for everything! There is truly nothing cooler than logging into your Google account by pressing a button on a little thing instead of actually typing in a password.
That being said, if you go the hardware key route, get multiple keys and set them up at the same time. I beg you. Do at least 2 keys, or do 0 keys, but do not do 1 key under any circumstances. If anything happens to that one key, you’re a goner.
Specifically, I recommend n + 2 keys, where n = your number of offsite locations. n keys go to the offsites, the n+1th key goes in your home safe (where, recall, it likely can’t withstand a fire), and the n+2th key is for actual, daily use. The most hardcore guys I know from Hacker News max out at around 5 or 6 hardware keys, and I imagine they have independently converged on a strategy much like this.
Personally I do think the YubiKey is worth the small premium, as it works with many different kinds of systems. I have also heard good things about NitroKeys and SoloKeys. Google Titan Keys are quite nice too, and a fair bit cheaper, but make sure you understand their limits, they don’t work in as many places as YubiKeys do as of 2025. Ditto for the other FIDO2 security keys you’ll find in this space. Consider reading Jae’s primer on FIDO keys if you want to go spelunking for a better deal in this space.
To sign in with Google or not?
As of 2025, the current economies of scale surrounding Big Tech companies like Google and Microsoft basically mean that if you do go the hardware key route, you get a truly velvet-glove-like secure login and logout experience whenever you log in with those accounts. A lot of other websites you use likely offer their own options to “Sign in with Google”, etc. In yet another win-win arrangement, this allows those other websites to free ride off of the account security these behemoths have to bankroll anyway, while simultaneously entrenching the behemoths ever deeper into the entire tech ecosystem.
That puts you, dear reader, in an interesting situation. Do you log in with these kinds of accounts in as many places as possible? Or do you go the other direction, and try to use these accounts in as few places as possible? Do you put your eggs in the Big Tech security team’s basket, or do you compartmentalize and accept the risk of many smaller security compromises over one inevitable huge one that surely no one could have seen coming?
I find myself flip-flopping on this a lot.
Just calling Google having a mass security incident a “black swan” isn’t necessarily the end of the story. Imagine a world, much like our own, but where the median US congressman doesn’t know what “Knightian uncertainty” is. Hard to believe, I know. We expect occasional black swans in this world to not be responded to in the obvious ways. A universal service provider like Google might suddenly be deemed too big to fail, and every Googler who was affected by the breach is suddenly entitled to COVID-19 stimulus checks level of federal compensation, and… Yeah. Things only get weirder from there. I would be kind of pissed if I missed out on a couple bucks because I decided to de-Google my life a few years prior.
Which means we’re probably here:
Flip a coin. Play it by ear. Ignore the ideologues on either side of the aisle. It probably just doesn’t matter that much for you personally, in large part because you’re the kind of person to read a guide like this in the first place. If your first reaction is to think “But that’s not fair, I did so much work acquiring all this knowledge, and now you’re telling me it didn’t matter anyway!?”, I have bad news for you about the nature of being an intelligent agent in a universe of scarcity.
I will say that in any corporate setting, where I expect our credentials to be under both heavier attack and also shorter-lived than in our personal lives, I would 100% push for “Sign in with Google/Microsoft/etc” everywhere, provided we had budget for passkeys, and likely even if we didn’t.
⏲️ The long slog: Actually fix things up
This is by far the most tedious part of the whole thing. But you have to do it.
Take all of the passwords and usernames that you have lying around, from as many sources as you can think of. Your browser’s password manager. The Post-Its on your desk. Put them all into KeePassXC, as they are. You really want to make this your single source of password truth. Then get rid of all of those other sources of password convenience. Hey, nobody said security was all fun and games.
Then, walk through each and every entry in your KeePassXC, and fix them up. This didn’t work for everything I had, but for 95+% of what I had in my system, the following approach worked quite well:
- I rotate the password, to the newest, strongest password they will let me. Always.
- Some websites won’t explicitly tell you just how long of a password you’re allowed to use; my approach is to do a binary search, and first try e.g. 200 characters, then 100 if 200’s too long, then 150 if that works, then 125 if 150 is too long… You’ll find a good settling point after just 3 or 4 iterations.
- If passkeys are possible, I set them up - with every hardware key I have.
- If passkeys are not possible, but old-fashioned security key-based two factor authentication is possible, I set them up - with every hardware key I have. (The difference rounds to whether or not you still have to actually type in that password you just rotated. With passkeys, you don’t, you just press a button on the hardware key and maybe type in a PIN that is on the hardware key itself, not on Google et al.’s servers. Counterintuitively, passkeys are often considered more secure than the two factor approach, because they don’t put that kind of data on the service provider’s server at all.)
- If neither passkeys nor hardware-based 2FA is possible, but TOTP is possible, I set it up, with Aegis.
- If neither hardware keys nor authenticator app-based 2FA is possible, I check to see whether I can delete the account and recreate it with e.g. login to Google or login to Microsoft or the like. Can’t let the perfect be the enemy of the good!
- If none of the above are available, I consider turning on e.g. email-based 2FA. By this point I start to seriously consider whether or not I would be better off just deleting the account altogether.
- Only if all else fails do I even consider turning on e.g. SMS-based 2FA, widely considered to be the least secure of all 2FA options, although it is still far better than a bare password.
Again, this is going to take a while for most of us. This basically ate up a weekend for me. I made the process more bearable by watching true crime YouTube videos in the background. You, dear reader, should probably choose something more worthwhile - may I recommend Tchaikovsky?
ASCII diagram of the above flowchart
+------------------------------------------+
| Gather all usernames and passwords       |
+------------------------------------------+
                     |
                     V
+------------------------------------------+
| Consolidate everything into KeePassXC    |
+------------------------------------------+
                     |
                     V
+------------------------------------------+
| Delete all other sources                 |
+------------------------------------------+
                     |
                     V
+============================================================================+
| Loop start: for each entry...                                              |
|                                                                            |
|   +-------------------------------------------+                            |
|   | 1. Rotate to strongest possible password  |  (always)                  |
|   +-------------------------------------------+                            |
|                         |                                                  |
|                         V                                                  |
|   +-------------------------------------------+                            |
|   | Are NATIVE passkeys possible?     --(Yes)-|-->[Set up]----+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | Is HW key 2FA possible?           --(Yes)-|-->[Set up]----+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                | fall down  |
|                         V                                     | the pit... |
|   +-------------------------------------------+               |            |
|   | Is TOTP (app) possible?           --(Yes)-|-->[Set up]----+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | Recreate w/ Social?               --(Yes)-|-->[Recreate]--+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | jesus christ do i even need this   --(No)-|-->[DELETE]    |            |
|   +-------------------------------------------+               |            |
|                         | (Yes)                               |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | Is email 2FA possible?            --(Yes)-|-->[Enable]----+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | Is SMS 2FA the only option?       --(Yes)-|-->[Enable]----+            |
|   +-------------------------------------------+               |            |
|                         | (No)                                |            |
|                         V                                     |            |
|   +-------------------------------------------+               |            |
|   | No modern 2FA. Rely on strong password.   |---------------+            |
|   +-------------------------------------------+               |            |
|                                                               |            |
|                                                   (elevator!) V            |
|   <------------------------- Loop to next entry <-------------+            |
+============================================================================+
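The password-length search from the list above, written out as an added example (not code from the post) against a constructed stand-in for a website. It also checks for the silent-truncation case, where a site accepts a long password but only ever compares its first N characters, which a successful change-password response alone will not reveal; the `FakeSite` class and its limits are made up for the demonstration.

```python
import secrets
import string
from typing import Callable, Optional

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int) -> str:
    """Uniformly random password over printable ASCII (no spaces)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class FakeSite:
    """Constructed stand-in for a website's password handling (no real site).

    max_len: longest password the change-password form accepts.
    truncate_at: if set, the site silently keeps only this many characters,
    as some bcrypt deployments do at 72 bytes."""

    def __init__(self, max_len: int, truncate_at: Optional[int] = None):
        self.max_len = max_len
        self.truncate_at = truncate_at
        self._stored: Optional[str] = None

    def _norm(self, pw: str) -> str:
        return pw if self.truncate_at is None else pw[:self.truncate_at]

    def set_password(self, pw: str) -> bool:
        if len(pw) > self.max_len:
            return False
        self._stored = self._norm(pw)
        return True

    def login(self, pw: str) -> bool:
        return self._stored is not None and self._norm(pw) == self._stored


def accepts_and_verifies(site: FakeSite, length: int) -> bool:
    """One probe: set a fresh random password of this length, then confirm a
    login with the full password works (a change-password 'OK' is not proof)."""
    pw = random_password(length)
    return site.set_password(pw) and site.login(pw)


def longest_accepted(accepts: Callable[[int], bool],
                     lo: int = 1, hi: int = 200) -> tuple[int, list[int]]:
    """Binary search for the largest length in [lo, hi] that `accepts` allows,
    assuming acceptance is monotone (if n works, anything shorter works).
    Returns (best_length, lengths_probed_in_order); best is 0 if even lo fails."""
    probes: list[int] = []

    def probe(n: int) -> bool:
        probes.append(n)
        return accepts(n)

    if probe(hi):            # the post's first step: try the top of the range
        return hi, probes
    if not probe(lo):
        return 0, probes
    while hi - lo > 1:       # invariant: lo accepted, hi rejected
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo, probes


def silently_truncates(site: FakeSite, current_pw: str) -> bool:
    """With current_pw set on the site, try logging in with only its last
    character changed. If that still works, the site is not comparing the
    whole password, and the extra length you fought for buys nothing."""
    tail = "a" if current_pw[-1] != "a" else "b"
    return site.login(current_pw[:-1] + tail)


if __name__ == "__main__":
    site = FakeSite(max_len=137)
    best, probes = longest_accepted(lambda n: accepts_and_verifies(site, n))
    print(best, probes)   # 137 [200, 1, 100, 150, 125, 137, 143, 140, 138]
    sloppy = FakeSite(max_len=200, truncate_at=72)
    pw = random_password(100)
    sloppy.set_password(pw)
    print(silently_truncates(sloppy, pw))   # True
```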
Sign up for data breach monitoring
Congratulations on getting through the boring part! Now let’s make sure we never have to do this again.
For our threat model, basic data breach scanning with a site like Have I Been Pwned? or Mozilla Monitor should be plenty. These sites let you punch in an email address, and if they find that email address’s credentials anywhere on the dark web, they will email you post haste. If you ever receive such an email alert, you should rush to rotate your password and perhaps your 2FA as well, stat.
You can register for either, or both. I lightly prefer Mozilla simply because they have an established track record. I genuinely think these are some of the most valuable free services the 2025 web has to offer.
Wait, what about recovery codes?
Recovery codes are an interesting case. I am of the heterodox opinion that, with perfect adherence to this setup, they probably hurt more than they help, because fundamentally they exist to compromise 2FA.
You’ll often get codes that essentially work as one-time passwords to get into an account once you turn on two factor authentication, in the event that you lose the 2FA. But … the whole reason we’re sticking with Aegis is so that our 2FA stays as reliable as possible, right? As in, we can reload that TOTP backup to many different places, because Aegis is free and open source software working with known encryption standards, and we would be able to get our 2 factor authentication back up and working even if every Big Tech company shuttered their doors simultaneously.
A distant second issue is that recovery codes don’t always work. Scroll through a search of “recovery codes” on Hacker News and you’ll find scores of people griping about this. For some people, untested recovery codes (and untestable, in a sense - codes generally stop working after one use) instill a false sense of confidence that may lead them to be more lax with other, more conventional aspects of their security posture.
Let’s take the outside view on this, though. Realistically, you’re not going to get every little thing right with a scheme like this the first, second, or even third time around. For that reason it makes a lot of sense to keep physically printed-out backup codes in your safe and/or safety deposit boxes. After you’ve run through the chaos engineering tests a couple of times, enough to get really comfortable with them, I would recommend ditching the recovery codes. But let’s not walk down that path until about a year or so after the system has been humming along peacefully. If you truly, genuinely want to keep using recovery codes after that, there are ways to make them much harder for any malicious actor to find even in printed form. Your call.
TL;DR
- Use KeePassXC for password management.
- Use tarsnap and cron to back up the KeePass database. Load it up with $20 or however much money it would take to not have to think about it again until you retire.
- Make sure your on-device tarsnap key is write-only. Do not let the device uploading the tarsnap files also be the device that can delete the tarsnap files.
- Use Aegis for TOTP management.
- Consider hardware keys like a YubiKey, but only if you can afford backup keys as well.
- Then actually use them. Centralize on them. This will take a while. There’s no way around it.
- Monitor for data breaches like a hawk in the future, with e.g. Mozilla Monitor.
Layer 03. Backing up /home
You probably have a long tail of important, but rarely-touched documents sitting on your hard drive that you’ve collected from various sources: Attachments, automated downloads, etc. etc. Even if you don’t know exactly what these documents are, it’s a very good idea to make sure you can reach these within a day or two.
Before we begin: Enable full-disk encryption first‼️
We’re finally entering the world of your “big data”, that is to say files which take up some appreciable percentage of your actual computer’s hard drive. Since our threat model is ordinary, private citizen, one of the biggest threats we face is simple device theft - your Macbook gets swiped at a cafe, a pickpocket nicks your phone, etc. etc. You cannot and should not assume that people who would go to these lengths to make a buck would stop there, if they think that you might have e.g. a picture of your credit card or something on your device.
For that reason I must implore you to turn on whatever your platform’s full-disk encryption is. This would be something like BitLocker on Windows, FileVault on macOS, LUKS on Linux, and GELI on the BSDs. If this is on, then you get asked for a separate password every time you turn the computer on, and if you don’t have the password, the whole hard drive will be inaccessible and just look like random noise. This means a bad guy who gets ahold of your computer when it’s off is locked out. They can’t just pop your hard drive out, link it to another computer, and start rummaging through your files.
Chances are good that when you do your full-disk encryption, you will also get a long recovery key that you can use in niche situations like e.g. a corrupted bootloader to get into your encrypted hard drive. I would recommend putting this into your KeePassXC database and treating it similarly to a password, even though our goal is ultimately to be able to recover from bare metal in the case of a total failure, just as a hedge against this. I don’t consider this similar to my problem with recovery codes because (a) there’s no 2FA to be compromised in the first place and (b) there are genuine firmware-ish reasons why your recovery key might work but your password might not.
Now full disk encryption passwords are a little different to passwords that go over a network like the Internet. You generally need actual, physical access to the disk itself to even begin to try to unlock it, which locks out entire classes of common attacks we need to worry about for e.g. our Google password. So the good news is, while this is another password you need to type in when you turn the computer on, even a relatively short password likely suffices to keep the vast majority of ordinary crooks out, and you probably only have to rotate it rarely if ever. Chances are your average Thinkpad Starbucks thief isn’t about to stick it inside their cozy homemade Faraday cage and GPU rack and actually try to brute force your disk password, they’ll just wipe it and resell on the black market.
External local hard drive of choice: 🤷 no strong preferences
Going from zero to one full /home backups is like going from no life insurance to a $250,000 policy. Even if it’s not a lot in absolute terms, you just sleep so much better at night after it. So I’m a little embarrassed to admit that I just used my standard Samsung T7 1TB portable drive for this very important task, and not a fresh disk bought for purpose.
I like the Samsung just fine, it’s just a little too expensive for me to really feel comfortable recommending it. Seagate drives of the same capacity are two-thirds the price and work just as well for this usecase. On the bright side, it’s a phenomenal little drive for travel and for general purpose use elsewhere.
General backup software of choice: restic (Windows, Mac, Linux)
N.B.: I never tried Borg. It looks like it offers pretty much the same benefits with only small differences. If you wanted to be extra-safe, you could run both Borg and Restic, like Marcus Butler does.
I have about 170 GB of data in my /home folder, most of it static, text-based and unchanging. restic reports it compresses down to about 90 GB. I think this is pretty common for an ordinary tech-savvy person’s laptop. For that reason, deduplicating backups, where we more-or-less only copy over data that has actually changed for each new backup and otherwise refer to whatever the previous backup already had, is absolutely vital for me. I have grown to be very fond of Go over the last few months, and this combination of traits quickly led me to the cross-platform, single executable program, restic.
restic lets you encrypt your backups with - what else - a password, which is a huge plus for me. If anyone ever made off with my external hard drive, they would look inside and just see ~90 GB of noise (restic also compresses your backups, lovely) and have no real way to get access to anything inside of it without brute forcing it (I’d like to see them try). It takes a little bit of trial and error, but after about half a day of absentminded tinkering I got a quite robust script and systemd hourly timer wrapped around restic for these local backups.
Ransomware protection: Hard drive on separate device
Again, ransomware attacks aren’t terribly common, but they do happen. What you generally want to protect against in those situations is a person who says “Put 10 bitcoin into this crypto address or I will delete ALL of your files!”. They don’t need to actually know what the files are in order to do that.
And again, the best way to defend against that is to ensure that the device which writes the backups is not the device which can delete those backups. A ransom attack loses much of its potency if you can just restore from backups. Luckily this is a use case restic supports in many ways. I actually use a tiny, non-Internet-connected Raspberry Pi to shunt my restic backups over the network and save them to my hard drive with my actual PC being none the wiser, very similar to our write-only Tarsnap key, but this could be overkill for you, because our remote backup solution already has this problem solved with the click of a button.
Remote backup software of choice: Backblaze B2 (cloud)
The 3-2-1 backup rule states: You should keep at least three copies of everything, on at least two kinds of media, with at least one off-site. Your own laptop is copy #1. Your external hard drive, with its deduplicated, encrypted, compressed restic backups going every hour, is copy #2. A dedicated cloud storage provider like Amazon S3 or, well, tarsnap, is copy #3, and checks all three of the remaining boxes.
Cloud storage technically runs on the same hard disks as you and I, but the software and techniques major cloud providers have at play to make sure the actual data on those disks is as resilient as possible really puts them into a class of their own. Amazon S3 provides eleven nines of durability on data stored with them. That is to say, if you store 10,000,000 files on S3, you can expect S3 to permanently lose one of them… every 10,000 years. Yeah. Different breed.
restic speaks the Amazon S3 protocol natively, and a well-designed API it is indeed, to the point that many other storage providers have copied it. While Amazon S3 is genuinely world-class for what it does, I found that the very similar Backblaze B2 object storage provides me basically the same thing but at about a quarter of the cost per terabyte-month. Not to mention, Backblaze’s other product is … unlimited consumer-grade computer backups for $5 a month.
These guys are cheaper, and they have been in the backup space for almost 20 years!? Sold. I signed up for a new Backblaze account, hooked restic up to it with only a little more effort than the local usecase required, and pretty soon I had daily remote backups streaming to Backblaze B2, for an expected burn rate of about 60-70 cents a month. What a satisfying feeling.
Backblaze B2 comes with a phenomenal feature you can turn on in the web GUI, called Object Lock. Object Lock prevents any file uploaded to the bucket from being deleted for, say, the first 30 days it has been there. Ransomware defeated!
That said, I would still recommend you set up your local disk so that these kinds of attacks can’t ruin your day, and try to restore from local whenever possible. Even with Backblaze backing up your data securely offsite, it takes a lot longer to do a full restore over an Internet connection as opposed to over a zippy local drive. The speed differences are stark, even over very good Internet connections. Some idealized numbers:
| Data size | Restore from local NVMe SSD (~2,500 MB/s) | Restore from Backblaze B2 (1 Gbps Internet) | Restore from Backblaze B2 (100 Mbps Internet) |
|---|---|---|---|
| 100 GB | ~41 seconds | ~14 minutes | ~2.3 hours |
| 1 TB | ~7 minutes | ~2.3 hours | ~23.3 hours |
| 10 TB | ~1.2 hours | ~23.3 hours | ~9.7 days |
Don’t take these idealized calculations at face value, either. My full local 170 GB restic
restore to a wiped, used ThinkPad took around 20 minutes in total, not 2. My point remains: Imagine how slow a 10 TB Backblaze restore will be. Definitely better than nothing, but not what you want to rely on in a pinch.
Returning to the “Aegis in tarsnap or nah” question
Earlier I said that we would be able to restore our Aegis backups from our generalized backup solution, and so it doesn’t really matter that much whether we store such backups in Tarsnap or not, and now hopefully you can see why: If we have the KeePassXC database from Tarsnap, we can just grab our restic password and pull that single file out from either our local or remote backups.
But, alas, no plan is without its warts. As of the time of writing, 2025-09-09, Backblaze B2 only supports TOTP 2FA, not hardware-key based 2FA or passkeys. Damn! That creates a frustrating circular dependency. In a total wipeout, we won’t have our local restore, and we won’t be able to log into Backblaze without its TOTP password - but we need to get into Backblaze to restore the TOTP passwords! These are the kinds of problems you only notice after you test the strategy.
I don’t have a great solution to this. The best solution is to bang on Backblaze’s doors and point this use case out to them, which I will do as soon as I publish this post. Storing an Aegis backup with only the Backblaze TOTP in it is also an option. But maybe the best option is to simply print out the QR code Backblaze will show you when you register for it, so that you can always get this TOTP back in a pinch. These QR codes actually do not go stale, to my knowledge, and so you could simply scan it again with a wiped phone a year or two from now to get the same TOTP code sequence back that you were originally shown. Naturally, if you take this approach, put a copy of this printed QR code in each offsite as well as your home safe. This is also locally fireproofed in our safe - I wasn’t kidding when I said you’re going to love ordinary copy paper after all this.
TL;DR
- Full-disk encryption. Stat.
- restic for encrypted, compressed, deduplicated backups over /home.
- 3-2-1 backups. One local drive, for speed/testing/convenience. One cloud-based, for when shit hits the fan.
- Local: restic backup, hourly, over the LAN, to an external hard drive on a dedicated Raspberry Pi. Append-only to prevent ransomware.
- Remote: Backblaze B2, daily, for cheap, reliable storage from backup specialists. Object Lock on to prevent ransomware.
- Consider: Printing the QR code for Backblaze B2’s TOTP, and putting copies in every safe and safe deposit box.
- Consider: Email productfeedback@backblaze.com and help me tell them it’s high time for hardware-based key authentication!
Closing the loop
By this point, we now have a handful of secrets we want to keep track of. There are really only three that I think you are better off never storing anywhere digital, and actually committing to memory:
- Your KeePassXC password.
- Your Aegis password.
- The PIN to your safe (if you have one).
If all of your other defenses are pierced without your knowledge, and these remain intact, you are as safe as the passwords are strong. On the other hand, if all of your other defenses are intact, but these are compromised, then it’s only a matter of time. Keep them offline.
Now. What if something happens to you? Your family members certainly don’t have your passwords memorized, that would be incestuous. If you just write these passwords out in plain text, though, anyone who gets ahold of your safe or one of your deposit boxes can end you. Recall, your Tarsnap read-list key is in there - on its own it only lets them pull down your encrypted KeePassXC database, and maybe your Aegis TOTP backups as well, but with the master passwords written on the paper next to it, encrypted is as good as plaintext: they read off your passwords and go to town.
Create your Horcrux
Enter Shamir’s secret sharing. We can probably assume that if people who are not you are trying to get your passwords, before you were even able to talk to them and get them the passwords yourself, then something seriously fucked has happened to you, my friend. Like incapacitation or, uh, death, that fiend. Since these are good people who presumably should have or be able to get access to your home safe, your safe deposit boxes, etc., you can effectively hedge against the compromise of any one of these areas by using a program like ssss-split to cut your passwords up into little information-theoretically secure hot dog chunks, and then reconstruct them only when enough of them come together in the same place, like a Horcrux. With a (t, n) split, any t chunks rebuild the secret, and any fewer than t reveal nothing about it, not even partially.
I am trying to elide actual code examples as much as possible in this post, but here I think it really is faster to show than tell:
$ echo "i just wanna be part of your symphony" | ssss-split -t 3 -n 5
Generating shares using a (3,5) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 296 bit security level.
1-f5cc51e852109536061a81e93c287bce1d6cb7e33967faf8a5018b3da56b7b6cf26454b55f
2-a78199a3563442e7f8e2bc91b6f90fbd5f739e744dd55d7a766cee7317722e9a82e177e557
3-b54f08e2772fdf0442c8cfb44ebcb04d799ae477d8b869ba561cd4f2d2119dee45da329256
4-f27d9c9ca5545b65f78ece2c293a82b456fbf48643a203b7acbfa511780b04b1bd006ea8b7
5-e0b30ddd844fc6864da4bd09d17f3d4470128e85d6cf37778ccf9f90bd68b7c57a3b2bdfa4
$ ssss-combine -t 3 -n 5
Enter 3 shares separated by newlines:
Share [1/3]: 4-f27d9c9ca5545b65f78ece2c293a82b456fbf48643a203b7acbfa511780b04b1bd006ea8b7
Share [2/3]: 1-f5cc51e852109536061a81e93c287bce1d6cb7e33967faf8a5018b3da56b7b6cf26454b55f
Share [3/3]: 5-e0b30ddd844fc6864da4bd09d17f3d4470128e85d6cf37778ccf9f90bd68b7c57a3b2bdfa4
Resulting secret: i just wanna be part of your symphony
Generate n shards for each password, and put a different shard into each safe or safe deposit box. Pick t so that no single location can reconstruct on its own, and n so that you can lose n - t locations (a flooded bank branch, a burgled safe) and still recover. Label each printed shard with which password it belongs to and its (t, n) parameters, since the shards themselves don’t say. Again, this is an absolute last resort for your next of kin.
The usual recommendations on how to print secrets apply here as well, of course. Ideally in triplicate, ideally in different forms.
(Alternatively, you could give your passwords in a sealed envelope to your family’s lawyer, but that assumes your family has a lawyer.)
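What ssss-split is doing under the hood, as an added toy implementation of my own (not the post’s code and not ssss’s: ssss works in GF(2^n) with an extra diffusion layer, whereas this uses the prime field p = 2^521 - 1, an assumption that limits secrets to 65 bytes). Beyond reproducing the (3, 5) session above, it demonstrates the property the Horcrux argument rests on: given only t - 1 shards, you can manufacture a missing shard that makes them reconstruct any secret you like, so a burglar holding one box learns nothing.

```python
import secrets
from itertools import combinations

# Toy field: the Mersenne prime 2^521 - 1 (an assumption of this example; ssss
# itself uses GF(2^n)). Python's big ints make a prime field the simplest choice.
PRIME = 2**521 - 1
MAX_SECRET_BYTES = 65  # 2^520 < PRIME, so any 65-byte secret fits as an integer


def _interpolate(points, x):
    """Lagrange-interpolate the polynomial through points [(x_i, y_i), ...] and
    evaluate it at x, all mod PRIME."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_secret(secret: bytes, t: int, n: int):
    """(t, n) Shamir split: the secret is the constant term of a random
    polynomial of degree t-1; share i is (i, f(i)). Returns (index, value) pairs,
    the same shape as ssss's "index-hex" lines."""
    if not 2 <= t <= n:
        raise ValueError("need 2 <= t <= n")
    if len(secret) > MAX_SECRET_BYTES:
        raise ValueError("secret too long for this toy field")
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(t - 1)]  # CSPRNG, not random.random

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def combine_shares(shares, secret_len: int):
    """Recover the secret from any t (or more) distinct shares. The caller supplies
    the original byte length so leading zero bytes survive the integer round-trip."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    return _interpolate(shares, 0).to_bytes(secret_len, "big")


def complete_to(partial_shares, candidate: bytes, missing_index: int):
    """Given only t-1 shares, forge the missing share that makes them reconstruct
    *candidate*. This succeeds for every candidate, which is exactly why t-1
    shares carry zero information about the real secret."""
    pts = [(0, int.from_bytes(candidate, "big"))] + list(partial_shares)
    return (missing_index, _interpolate(pts, missing_index))


def all_subsets_agree(shares, t: int, secret_len: int):
    """True if every t-subset of the shares reconstructs the same value."""
    values = {combine_shares(sub, secret_len) for sub in combinations(shares, t)}
    return len(values) == 1


if __name__ == "__main__":
    secret = b"i just wanna be part of your symphony"
    shares = split_secret(secret, 3, 5)
    for idx, val in shares:
        print(f"{idx}-{val:x}")
    print(combine_shares([shares[3], shares[0], shares[4]], len(secret)))
```

The forgery helper is the part worth staring at: hand it any two shards and any made-up password, and it produces a perfectly valid-looking third shard. Nothing in two boxes distinguishes your real password from that fake, so the person who cracks one safe deposit box has gained exactly nothing.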
TL;DR
- Backup hardware key, if you’re using them, in every safe and deposit box.
- KeePassXC password, on paper, in every safe and deposit box. Never store digitally.
- Aegis password, on paper, in every safe and deposit box. Never store digitally.
- Consider: Sharding both passwords with ssss-split.
- Consider: USB drive with your read-list Tarsnap key in the safe, for convenience, but
- Consider: Copies of all in safe deposit boxes.
- Consider: Shamir’s secret sharing, if you are really paranoid about losing these passwords.
- Consider: Include short “next of kin” note pointing to this URL, or an archive of it.
Baby’s first chaos engineering
So far, so good! But a backup plan is only as good as its latest restore. You, dear reader, undoubtedly have little quirks in your personal tech that I couldn’t even begin to imagine, that have to be prepared for and fortified in their own special little ways. You can either discover those now, or you can wait until you are in a stressed and dismayed state and figure it out then. I think you can tell which option we’re going to go after.
Every day, after you wake up, take your phone, and roll d100.
- If you roll a 3, you are to simulate a phone loss. Factory reset your phone, restore from whatever backups you have, and see how long it takes you to get back to your digital normal. For our purposes, the primary thing we are testing is whether you can restore your Aegis backup, but you will almost certainly discover other things you need to worry about the first few times you do this.
- If you roll a 2, you are to simulate a laptop loss. Factory reset your actual laptop, restore from your backups, and, again, see how long it takes to get back to normal. I would recommend a restic restore from your local drive to start; after a few times you can try a Backblaze B2 restore, which may or may not require you to pull a recent KeePassXC database down from tarsnap first.
- If you roll a 1, you are to simulate a total system failure, where both your phone and your laptop are reset. This is the true Hard Mode of personal resiliency!
Okay, okay, an actual factory reset might be too extreme for the first few times you do this. If you have e.g. an old ThinkPad lying around, or a spare Android in the closet, we can accept you just factory resetting and living off of those browner pastures as well.
But you really do want to get to the place where rolling a 1, 2, or 3 no longer scares you. I like this exercise a lot because it’s both very straightforward to do and covers a surprisingly wide swath of real-world situations that can happen to you. If, in a year from now, you roll a 1 and your biggest reaction is “Ugh, I gotta get out of bed and kick off the restores before my morning shower”, then you are in a phenomenal place compared to the median netizen. Sally forth!
Postscript: How much does all of this cost?
I’m the first to admit that these kinds of dorky security things are a hobby of mine, and that I don’t particularly mind spending money on my hobbies. Some people spend $100 a year on video games, other people spend $200 a year on anime figurines, and yours truly, apparently, loves to spend $600 a year on multi-jurisdictional safe deposit boxes. C’est la vie!
But many of the tools here are free as in free, and many of them are free as in ludicrously cheap for what you potentially get out of them. Let’s put it all into a table, starting with actually-free and edging upwards. I’m going to use approximate numbers and then explain where I got them from.
These are very rough, single-significant digit estimates from prices I’ve seen around. You can almost certainly optimize the prices lower if you do some research.
Item | Purchase cost | Ongoing cost (per month) | Ongoing cost (per year) | Ongoing cost (per decade) |
---|---|---|---|---|
Software | | | | |
KeePassXC | $0 | $0 | $0 | $0 |
Aegis Authenticator | $0 | $0 | $0 | $0 |
restic | $0 | $0 | $0 | $0 |
Full-Disk Encryption (OS native) | $0 | $0 | $0 | $0 |
Mozilla Monitor | $0 | $0 | $0 | $0 |
Software Services | | | | |
tarsnap (17 MB, unique data) | $0 | $0.004 | $0.05 | $0.50 |
Backblaze B2 (100 GB, unique data) | $0 | $0.60 | $7.20 | $72 |
Hardware | | | | |
Copy paper | $0.05 | $0 | $0 | $0.05 (spilled coffee insurance) |
Fireproof document bag | $25 | $0 | $0 | $0 |
USB drives | $30 | $0 | $0 | $0 |
External hard drive (1 TB) | $60 | $0 | $0 | sub-$180 (assume 1 replacement per 3 years) |
Hardware keys (x2) | $100 | $0 | $0 | sub-$50 (assume 1 replacement per decade) |
Raspberry Pi setup | $100 | $0 | $0 | …$20? (maybe $0 - ramdisk OSes are very sparing of SD cards!) |
A good home safe + silica gel packets | $200 | $0 | $0 | $0 |
Hardware Services | | | | |
Safe deposit box (US) | $100 | $10 | $100 | $1000 |
Safe deposit box (UK) | $100 | $20-30 | $200-300 | $2000-3000 |
Safe deposit box (EU, average) | $100 | $20-30 | $200-300 | $2000-3000 |
TOTALS (est.) | | | | |
One-time total | $800-900 | | | |
One-time total, sans safes | $500-600 | | | |
Ongoing total | | $50-60 | $500-700 | $5000-7000 |
Ongoing total, sans safes | | $0-1 | $10-20 | $300-400 |
You read that correctly. If you ditch the insane spy novel gimmick, you can achieve world-class digital resilience for about the fully loaded cost of half a day of a modern software engineer’s time per decade. And that’s assuming that prices don’t continue to plummet in technology, the category of consumer goods whose prices plummet all the time.
Is there a lesson to take from this? Yes: Bits tend to have much, much better economies of scale than atoms do. With the exception of good old fashioned paper, which is frankly likely to outlive everything else here when stored correctly. Mother Nature sure has a sense of humor.
The silliest assumption in all of this is that you will always and only have 100 GB of data you want to keep backed up - photos and videos take up a lot of space! If and when you get to that point, you can pivot to e.g. archiving those in AWS S3 Glacier for about $1/TB/month in 2025-dollars (again probably dropping over the next decade!) with our current system fairly easily. For bulk local storage, as of 2025, five minutes of searching brings up this 20 TB Seagate pro drive for about $300, which is about $15 per TB, or about $5 per TB-year if we are assuming a 3 year lifecycle on these disks. I do recommend always trying to think about storage in terms of a size-time product; I find that gets much better results for Serious People.
Postscript: Wargaming common scenarios
My phone is lost or stolen
Wipe the phone remotely if possible. Get a new phone. Restore Aegis.
My laptop is lost or stolen
Wipe the laptop remotely if possible. If not, but it was turned off, full disk encryption should keep your data safe. If not, but you didn’t have KeePassXC open, at least your passwords are safe. If it was powered on and unlocked when it walked off, assume everything on it is exposed: rotate your passwords from another device, KeePassXC master password first, and re-enroll your TOTP seeds.
Get a new laptop. Restore from restic backup. Open latest KeePassXC database. Maybe restore from Tarsnap if that was a more recent backup.
My phone AND my laptop are lost or stolen
Get a new laptop and phone. Pull down latest KeePassXC database from Tarsnap. Use KeePassXC to unlock and restore an Aegis backup from restic (unless you stored Aegis backups as well in Tarsnap directly, in which case just do that). Restore Aegis to phone. Then kick off a full restic backup after that.
My house was vaporized by Pow!, the Wow! signal’s older brother
Get to an offsite. Retrieve read-list Tarsnap key from offsite. Pull down latest KeePassXC database from Tarsnap. Use KeePassXC to unlock and restore an Aegis backup from restic. Restore Aegis to phone. Then kick off a full restic backup after that.
I have woken up in a hospital bed with no idea who I am
Observe everything about yourself as deeply as possible: Height, weight, approximate age, medical information if you can find it on a clipboard, language, accent, etc. Think very deeply through where approximately you may have come from and who approximately you probably were. This will probably take a while. Be careful - whoever put you in the hospital bed might not be done with you yet 😱
Much, much more detailed information about yourself, sufficient to begin the recovery process, is available in any of your safe or safe deposit boxes. However, you need to actually get to at least one of them first. If it’s possible to triangulate where roughly your home is, and if that home is still intact, that is probably the easiest place to start, because even if you can’t remember the PIN to your safe, you might be able to wail on it with a crowbar for 15 minutes. (Tell the neighbors first so they know you’re not a burglar in your own house.)
If you can’t get the original documents from the home, you’re going to have to go after one of those safe deposit boxes, which is not going to be easy, but is probably possible with persistence. Find a lawyer and explain that you’re the protagonist in an indie action movie, and that you have no idea who you are but you (for some reason) remember you implemented this one Internet dude’s ridiculous resiliency audit plan, and that all of the information you could possibly need is backed up in at least one and probably multiple safe deposit boxes. Ask them if they can take you on pro bono, or maybe on provisional loan against whatever assets you may or may not find yourself to have, and ask them if they can find anyone else at all who knows you or knows of you in a confidential manner.
After you get to your safe or an offsite: Retrieve read-list Tarsnap key from offsite. Pull down latest KeePassXC database from Tarsnap. Use KeePassXC to unlock and restore an Aegis backup from restic. Restore Aegis to phone. Then kick off a full restic backup after that.
I have been reincarnated against my will and I want my 401k back
To start: In situations like this it is often reported that memories fade very quickly of your past life, so do your best to record as much as you possibly can right now. Secrets no one but the recently(?) deceased could possibly know are ideal, and doubly ideal are secrets only they would know that can also be independently verified. Like, say, … a computer password. 🤠
Very similar to “I have woken up in a hospital bed with no idea who I am”, but you probably want to travel to Dharamshala and seek guidance from some of the senior lamas there. They are known to be experts in the recovery and identification of reincarnated souls. Flights are generally reasonable, but unfortunately it may be difficult to access the 401k of your past self, let alone borrow against it on a speculative basis, so consider working for about a year to save up money for the journey.