I want to store my file backups offsite, but not in the cloud since I am not comfortable storing certain personal and financial information in the cloud. I’ve decided to use an existing safe deposit box to store a hard drive that I will back up every few months. I do not need to back it up often because the data I am storing would not change very often.

What concerns me is the possibility that the contents of the safe deposit box will be lost/stolen, so I would like to implement some form of encryption. I am only recreationally good with computers/technology, so this is one of the areas where I am not knowledgeable.

A few relative notes:

  • I would need something that I can do myself fairly easily, because I am new to it. But more importantly, it needs to be something my spouse (who is not great with technology) would be able to decrypt in the event I am not able to.
  • I do not back up entire computers, only files/folders.
  • I do not want to over-encrypt, but I am not sure a password protected folder or .dmg is sufficient.
  • I have a Mac (I really don’t know if this is relevant nowadays, but thought I would mention)

Any help would be appreciated! Thanks!

  • malikto44@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I have had APFS + encryption fail me once, where I wound up losing all data on the drive completely. It was just a copy of data so it wasn’t a major loss, but it was something that concerned me.

    As others have said, the simplest way is to just use APFS + encryption, copy the files, call it done.

    However, what I do is format the external drive with ExFAT, and use Borg Backup with encryption. This ensures that I can pull the data off the drive, regardless of the data being on a Mac, Windows (with WSL2), or Linux. Borg Backup is an open source utility, and has a lot of presence, so it won’t be going away anytime soon. The nice thing about Borg Backup is its deduplication, so if you back up a folder twice, the space used will be minimal.

    Another idea is to use Cryptomator. This works on Linux, Mac, and Windows, and you create a vault (which is a folder with encrypted contents), mount that, and from there, copy your files into that. The nice thing about this method is that it works on all platforms (assuming you used ExFAT for the filesystem), and provides solid security.

    If just Mac-only, the simplest will be using encryption with APFS, but making sure you have multiple copies on multiple drives, just in case.