As an enthusiast I of course make encrypted on-site backups, which I then protect by syncing to a cloud provider, and I protect the encryption secrets with a password manager, and protect the password manager and cloud accounts with a U2F key, and protect the U2F key with two spare U2F keys in off-site secure locations.
I can understand, though, that most of the population doesn't want such complexity, and prefers to be able to reset forgotten passwords without losing their data.
Treating your cloud provider as an hostile adversary is a useful security advice, through I would personally prefer to not give a hostile adversary my data in the first place.
michaelt|1 year ago
I can understand, though, that most of the population doesn't want such complexity, and prefers to be able to reset forgotten passwords without losing their data.
belorn|1 year ago