15 votes

Medium term cold storage options?

Increasingly I'm looking at my backup solution and I'm not totally happy. My "threat model" I guess is if the house burns down and we only make it out with the shirts on our backs. Alternatively if I get hit by a bus I'd like a backup of passwords and maybe some instructions for my wife.

Mostly irrelevant discussion on my current backup or lack of situation

Up until recently I had a VPS running syncthing as a central backup for all my devices but it kind of looks like that got randomly wiped or something... my plan up until that happened was that I have a computer in a locker at work that I occasionally fired up to sync my syncthing stuff. This has some issues, the big one being that it doesn't deal with bus factor.

My next plan (and the point of this topic) is to have some data stored offline in a safe deposit box at the bank or some other secure location and swap the data out at some interval like 6 months or 1 year. The stuff I REALLY care about is easily under 1gb and stuff I kind of care about (photos and that kind of thing) is < 1tb.

Also currently I'm paying for iCloud each month even though I've mostly left the mac-osphere. This is where my < 1tb of photos are. I intend to download all of that and stop paying for iCloud in the coming months.

TL;DR What are decent medium term cold storage options for < 1gb that I can be really sure will be good for several years (maybe 10 or 20 years at the extreme end) and are fairly cheap. I was thinking optical media but I'm kind of lost as to what specifically to get and how to not get conned by buying fake media (M-Discs). I (somewhat randomly) have an M-Disc drive in my computer but I don't know if that's overkill or not? My important stuff may even fit on a CD actually...

18 comments

  1. [9]
    unkz
    (edited )
    S3. 2.3 cents per gig per month. 20 years is $5.50 per gig. My safety deposit box is $60/year for comparison.

    I should also mention that deep archive tier storage is way cheaper at $0.00099 per GB. You could store a terabyte for 20 years for $237.60.

    5 votes
    1. [2]
      sleepydave
      Why S3 over Backblaze B2? With B2 the first 10GB is free, $7/TB/mo after that, free egress and API calls, and hot storage. Seems to be a much better offering for OP unless I'm missing something.

      7 votes
      1. unkz
        A terabyte for 20 years would be $1680 at that rate. Backblaze would be better for that first gig but not for all their photo content, unless they also have archival tier pricing.

        2 votes
    2. [5]
      mild_takes
      If my house burns down and I don't have anything except a (hypothetical) brand new computer then how do I access that?

      Edit: and bus factor.

      3 votes
      1. [4]
        unkz
        I assume you remember your email password? That’s all you’d really need to get in.

        1 vote
        1. [3]
          mild_takes
          I don't actually. I moved EVERYTHING to long random passwords. I don't want my email to get hacked because that's kind of the key to being able to reset a shit ton of passwords. Also it has 2fa now so if I don't have access to a 2nd factor (or maybe a backup code... I should set that up) then I'm screwed.

          I know maybe 4 of my current passwords:

          • bank card pin

          • log in for my computer

          • phone pin

          • password for KeePassXC

          • password for work accounts but only because they make me put it in endlessly and also don't allow me to use a phone at work AT ALL... so I use a weak password I can remember

          3 votes
          1. [2]
            unkz
            That’s probably overkill. You can easily have enough entropy to defeat brute force and still be memorable. But, I feel like remembering a password isn’t such a giant obstacle, is it? Probably less difficulty than dealing with losing your safety deposit box key and identification in the hypothetical house fire.

            4 votes
            1. sparksbet
              (edited )
              Having a password manager that isn't exclusively tied to a physical device would allow you to have the same password behavior without reusing passwords to improve memorization (which is the biggest risk for most people not using a password manager, not the ability to brute force any particular password). I similarly only have a few passwords memorized, but my password manager contains everything else, including my 2fa backup codes, so I'd be able to get back into other accounts in case of an emergency because I can access that. But I use a password manager that stores my things in the cloud, which I assume OP doesn't want to do because that's the main reason people use KeePassXC.

              But changing their password behavior isn't necessary, they just need to ensure they can access their KeePassXC database after a disaster like this. KeePassXC's documentation says you can safely store the encrypted database file in the cloud and recommends regular backups, but if that's too online, I believe copying it to a flash drive and sticking it in a safety deposit box somewhere would work (although it would be somewhat more annoying to update your backup that way). This would probably fill the "backup of passwords and instructions for wife upon death" criteria, at least.

              1 vote
    3. gco
      This would be my recommendation as well. I got close to 400GB on Glacier and pay less than $0.20 per month. The only downside is that I couldn't find software that backed things up the way I wanted, so I ended up vibe coding a massive bash script to compress, encrypt and upload the data for me while doing integrity checks.

      1 vote
  2. [5]
    Eric_the_Cerise
    For many years, my offsite backup plan was literally a spare HDD in my safe deposit box at the bank.

    I had 2 such HDDs. One was employed in active nightly backups at home, and every month or 2, I would take that HDD to the bank, swap 'em out, and put the other one into play for the nightly backups. That way, the HDD in the bank was never more than 2 months out of date.

    4 votes
    1. maple
      Same, although for me it was a disk I rotated to and from a drawer at my office.

      When I started working from home, I moved to a big disk in an eBay refreshed office workstation in a closet at my parents' place that I use as a restic endpoint. Works great, although not cold storage per se and definitely has a WAF approaching zero.

      In fact my break glass situation is a piece of paper with critical passwords written on it and stored in a filing cabinet in my house. Ain’t no script kiddies getting that.

      4 votes
    2. [3]
      mild_takes
      How long is an HDD really good for?

      1 vote
      1. Bonooru
        Life expectancy for this sort of thing is 5-10 years in my experience.

        2 votes
      2. Eric_the_Cerise
        Optical would be better, especially if you're only talking about ~1GB or so.

        Still, quality HDDs are typically rated for ~5 years, and probably generally good for double that ... this is particularly true if you're not using them constantly, but just writing data on them and then putting them in long-term storage.

        1 vote
  3. whbboyd
    When I was looking into this a few years ago, the consensus answer seemed to be that there's not a great option, but archival-quality optical media is probably the best one. (Flash doesn't have great longevity offline, and hard disks are something of a question mark—and the typical failure mode isn't "some degradation", it's "this complicated mechanical device has broken and does not work at all".) Consensus at the time seemed to be that archival-quality media was expensive out of proportion to the increase in quality, and there was a whole lot of discussion of (mostly non-actionable) concerns like the original manufacturer of a piece of media. My conclusion ended up being:

    • Optical media is cheap enough that just buying the "expensive" stuff is probably worth it.
    • Burn multiple copies, confirm that they are readable (coasters are pretty uncommon these days, but not unheard-of), and distribute them geographically.
    • Try to make sure they're stored appropriately, i.e. in a case, in the dark, not too humid.

    My schema is mostly to have encrypted backups stored online (in Backblaze B2, in my case), with encryption keys, a copy of my password vault, and a handful of other useful things on the backup disks. In the end, I've got a few dozen megabytes on my backup discs (on DVD media, because that's all that was available, lol).

    For long-term storage, the answer is, oddly enough, to keep it online and monitored. Individual units of storage media are pretty fragile, but a NAS with a handful of drives and someone checking up on it regularly will keep data stored more-or-less indefinitely. (Online storage is much easier to accidentally delete stuff off of, of course, so it's not a panacea.)

    3 votes
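
As an added example (not code from any commenter, and not the script gco mentions earlier in the thread), the "burn multiple copies and confirm they're readable" advice above in Python: it writes a sha256sum-style manifest for the backup set, reports which files on a given copy no longer match, and rebuilds the set from whichever copy still reads correctly for each file. The SHA256SUMS file name, the directory layout and the sample contents in demo() are constructed for the example.

```python
# Constructed example (not from the thread): manifest, per-copy verification and repair.
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST = "SHA256SUMS"  # assumed file name; lines follow the `sha256sum` layout


def sha256_of(path: Path) -> str:
    # Whole-file read is fine for a sub-GB set; stream in chunks for big files.
    return hashlib.sha256(path.read_bytes()).hexdigest()


def write_manifest(source: Path) -> dict[str, str]:
    # Hash every file under source, write SHA256SUMS beside them and return the
    # map; keep that map off-media too (e.g. in the password vault).
    sums = {str(p.relative_to(source)): sha256_of(p)
            for p in sorted(source.rglob("*")) if p.is_file() and p.name != MANIFEST}
    (source / MANIFEST).write_text("".join(f"{d}  {r}\n" for r, d in sums.items()))
    return sums


def verify_copy(copy: Path, sums: dict[str, str]) -> list[str]:
    # Relative paths missing from this copy or whose hash no longer matches.
    return [r for r, d in sums.items()
            if not (copy / r).is_file() or sha256_of(copy / r) != d]


def recover(copies: list[Path], sums: dict[str, str], dest: Path) -> list[str]:
    # Rebuild the set in dest from the first copy whose hash matches, per file;
    # return the files that no surviving copy could supply.
    lost = []
    for r, d in sums.items():
        good = next((c / r for c in copies
                     if (c / r).is_file() and sha256_of(c / r) == d), None)
        if good is None:
            lost.append(r)
        else:
            (dest / r).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(good, dest / r)
    return lost


def demo() -> tuple[list[str], list[str], list[str]]:
    # Constructed data: two "discs" from one master; later disc1 has a flipped
    # byte in the vault file and disc2 has lost its README entirely.
    master = Path(tempfile.mkdtemp()) / "master"
    (master / "vault").mkdir(parents=True)
    (master / "vault" / "keepass.kdbx").write_bytes(b"\x03\xd9\xa2\x9a" + b"x" * 4096)
    (master / "README.txt").write_text("instructions for the family\n")
    sums = write_manifest(master)
    discs = [shutil.copytree(master, master.parent / f"disc{i}") for i in (1, 2)]
    (discs[0] / "vault" / "keepass.kdbx").write_bytes(b"\x03\xd9\xa2\x9a" + b"y" * 4096)
    (discs[1] / "README.txt").unlink()
    return (verify_copy(discs[0], sums), verify_copy(discs[1], sums),
            recover(discs, sums, master.parent / "restored"))
```

Because the manifest on a disc can rot along with the data, the returned mapping is meant to be kept somewhere else as well, which is the reason verify_copy and recover take it as an argument instead of re-reading it from the copy.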
  4. [2]
    shrike
    I'm literally just (re)setting my backup system and ended up with Arq Backup after trying their free tier for a month. Decided on their cloud version ($60/year) instead of the pay once version ($50), we'll see in a year if I'll keep the cloud version.

    The Important Stuff (the things that are really irreplaceable) go to B2, my Hetzner Storage Box (free with my VPS) and Arq Cloud Storage. Most of that stuff is also in iCloud, so that should be enough. =)

    The rest is cross-synced to all of my machines (laptop, desktop, NAS) with Syncthing via Tailscale

    I've also got a few VPSs etc, that are backed up to B2 with restic, although most of the important stuff in them is in Ansible playbooks and Github (configs etc)

    A few years ago I went through the "cold storage" options and decided they aren't worth it. Burning CDs and DVDs would require archival quality discs and they're hard to source in 2026. Similarly storing SSDs and HDDs offline is risky, they might just rot in storage. Thus -> just back up to multiple places online and hope that the world doesn't end in a massive global EMP.

    1. mild_takes
      The rest is cross-synced to all of my machines (laptop, desktop, NAS) with Syncthing via Tailscale

      Why tailscale? Syncthing works across the internet not just your LAN.

  5. Dangerous_Dan_McGrew
    Personally I have a hard drive in my desk at work with backups. Burnt to CDs was my father's method and 12 years later about half of it is unrecoverable.