Backup questions (data, passwords, device and 2fa)

I’ve been looking into my file management and backup procedures over the last few days and would like to hear your thoughts.

BACKUP

Basically, I have a partition which I’ll just call ‘data’ for simplicity’s sake. Everything is stored there. My working copy, which is naturally always up to date, is on my laptop (currently running Windows 11 Pro and therefore encrypted with BitLocker). Every two weeks, I transfer the entire partition to an external SSD and encrypt it with VeraCrypt. Once a month, I do the same again on a second SSD.
I store the most important and regularly needed documents and files in Proton Drive so that I have them available everywhere. Proton Drive is encrypted by default.
I have the same important data on a USB stick, which I have also encrypted with VeraCrypt.
I also have many documents in physical form, kept in a document folder.

PASSWORD MANAGER AND 2FA

I rely on many accounts, particularly Proton, Tuta and Ente, for my day-to-day life.
However, my Proton and Ente accounts are the main gateways through which I access all my other services and so on.
I export Proton Pass and Ente Auth in encrypted form using the built-in export function and store these in ‘data’ as a backup.

Here comes my first question. Is double encryption (e.g. Proton Pass exports are encrypted with PGP and my backup is encrypted again with VeraCrypt) a problem, or could something go wrong?

I also regularly export other important services (such as Notesnook and Obsidian) and encrypt the data where necessary.

What software can I use to encrypt individual files? Windows and Android are my main platforms.

I store the passwords for Proton and Ente (as these are the most important services for accessing everything) in plain text (using an emergency sheet).
This emergency sheet therefore contains the following: Proton and Ente diceware passphrases, Proton and Ente backup codes, VeraCrypt encryption passphrases, device encryption passphrases where applicable, and the recovery codes for all the services mentioned.

I’m still undecided about where to keep the Emergency Sheet in the end.

All the backups mentioned here are stored in multiple locations in accordance with the principle outlined in the first chapter, and are therefore fail-safe.

Is my setup secure against targeted attacks? I’m reluctant to keep my Emergency Sheet in analogue form, as it would be compromised in the event of a break-in.
Are there any gaps in my system that could, in a worst-case scenario, block my access to everything?
Please analyse this and let me know of any potential weaknesses. Thank you!

2 Likes

Nothing is 100% guaranteed all the time. You follow the best OPSEC for your threat model per guidelines that PG espouses and you should be okay.

Single encryption is more than enough I feel. Doing it twice doesn’t add any real value.

Cryptomator.

Why? Just remember them. You just need to remember a couple at most to get into your accounts should you ever lose all your electronics and buy new ones to get into any of your accounts.

Should be. But no one guarantees anything.

Can’t be done fully because you have not explained your threat model. Not sure where you’re coming from and why you’re going about the way you are.

1 Like

Unfortunately, I’m still finding it difficult to draw up a ‘threat model’, as I don’t see much point in it and it’s a theoretical construct. But I’ll give it a go.

Essentially, I want to protect myself against the attacks outlined by PG. ‘Targeted attacks’ are relevant here, although with the setup described, I won’t be a target of highly specialised attacks of a government or so. This is a separate issue, which I’m considering in isolation (political activism).

So, essentially, I’m protecting myself against human error (on my part), attacks by hackers or malware, and compromise by other people (close associates, burglars, etc.).
Against everything, so to speak. With this approach, as I understand it, I can also carry out certain high-risk activities (of a political nature) whilst remaining protected against highly specialised attacks thanks to the encryption. But it’s not the main aspect, just a bonus.

I am a bit late in the game. And my response below might not be the response you are looking for, but please believe me I am in good will.

The first thing that caught my eye was:

First, since you are using BitLocker, BitLocker is far from bulletproof, see This and This. BitLocker has always been problematic and not very solid since its introduction.

Second, VeraCrypt is subject to key extraction from RAM, see VeraCrypt Documentation.

If you are conducting high-risk political activities, that means you fall under the extremely high-risk category. That means you are physically under threat. I would not count on them if I could be detained and my devices seized.


The second thing that caught my eye was

From your post, your perceived threats include

  1. Break-in by burglars - physical targeted / non-targeted attack (#1)
  2. Human Error - Poor OPSEC (#3)
  3. Hacks and malware - remote targeted / non-targeted attack (#3)
  4. Physical compromise from friendly people with physical access - HIGH STAKE physical targeted attack (consider the possibility of that friendly being threatened by your adversaries) (#3)
  5. Political adversaries - HIGH STAKE physical targeted attack (your personal safety is also at risk) (#3)

If the above threats are genuine threats, I would say your current approach is DEFINITELY WRONG, and I suggest you seek relevant NGOs for cyber security (that align with your political spectrum) advice ASAP.


Back to your question:

I would recommend you have a good read of the VeraCrypt Documentation about how to back up securely, its limitations, etc.

If you value the data and the safety of your allies over your personal safety, do not store things locally. The feasibility depends on what tasks you need to perform.

Why do you suggest this over Veracrypt?

Because OP asked for encrypting individual files and small amounts of data. I feel Veracrypt is for securing your drive or much larger chunks of storage. Both are great at what they do.

2 Likes

I appreciate your reply!

Cryptomator scares me because of the paid version on Android… they could make the other versions paid for products as well… :scream:

It’s one time payment. It’s not a big deal. Or simply use the desktop version and use Proton Drive or something for select things on mobile.

I appreciate your reply!

It’s just that Veracrypt seems safer as it’s 100% FOSS compared to Cryptomator… What if Cryptomator jacks up the price or switches to a subscription model which many companies are now doing? :astonished_face: You’d have no choice but to buy their product because your files have been encrypted with them…

1 Like

I get what you’re trying to get at. And such concerns are valid.. most times.

But you can take the same logic to extremes too. What if I get hit by a bus tomorrow? What if this..? What if that..?

Live, use the tools and tech as you want today. There will always be a way to use the things and tech you want.

But considering Cryptomator, their history, and commitment to open source and transparency, I don’t see them doing that and becoming enshittified. Relax.

If you like Veracrypt, use that then. I’m not saying there is only one right way to do things. But there’s a right tool for the right purpose to use. But you can surely make do with another tool too, if it suits your values and preferences more.

I personally like Cryptomator because it works well for me.

2 Likes

I would say they have different use cases.

Cryptomator encrypts individual files on the fly with minimal intervention, whereas VeraCrypt is like a zip file if you use containers.

It is more usable and practical to upload 10000 50MB encrypted files than 1 500GB container.

1 Like

Thank you for your reply.

First of all, as a general rule: I will not be carrying out high-risk political activities using the setup I’ve described here and am currently using. For that, I will use separate, isolated devices in future. As you mentioned, this usage scenario requires more robust measures, although, to the best of my limited knowledge, VeraCrypt is supposed to be very good for this.

Basically, I want to protect myself against everyday threats. Against everything, except government attacks, for example.

I keep important personal documents here, so nobody should have access to them. If that were to happen, with malicious intent, my identity could be misused.

Of course, this could also happen at the government level (state hackers), but I consider the risk to be low in my personal setup for everyday use.

Nevertheless, my data should be fail-safe (hence my backup solution) and secure from access by third parties (whoever they may be), hence the encryption.

Perhaps you can give me some better tips now! :slight_smile:

I’m aware of that. That’s why I plan to switch to encrypting my system hard drive with VeraCrypt in the near future.

What exactly does that mean? I’m new to this subject and don’t fully understand it yet.

How could this compromise my encryption?

BitLocker obviously not. But which would you use then? My setup is using Cryptomator and VeraCrypt as mentioned here in this thread. That’s certainly enough for my purposes, but if I were to use stronger encryption for my ‘political setup’, I might as well do the same for my personal stuff too. :slight_smile:

Edit: Perhaps you can now better assess my full setup (protection against everything, except perhaps government attacks). I’ve taken note of BitLocker’s weaknesses and will switch to VeraCrypt for system encryption for as long as I’m still using Windows.

That means if LE seized your device, in certain scenarios, they could retrieve the encryption key from system RAM, and use that to decrypt your drive. I am not super technical so you better check out VeraCrypt’s documentation for details.

See my previous reply.


Since you clarified you are asking about data backups and data security for day to day life, I would say your proposed measure is way overkill.

I would also say it is too complicated for my taste, but if it works for you then it is totally fine.

Unless you are a HVT, e.g. well-known crypto traders, people who physically stole your device won’t bother with tinkering with your device; most likely they would simply wipe and sell (or use) the device. Therefore a password protected FDE, be it BitLocker or VeraCrypt, would be perfectly fine.

For other malware or software vulns, again, if you are not a HVT, usual OPSEC would suffice.

Regarding your emergency sheet, I don’t have one. I rely on KeePassXC to store all credentials and keys, I keep backups across all my devices as well as on Proton Drive (with emergency access enabled). Since the Vault is protected by an easy-to-remember password with over 150 entropy, I don’t need a paper to help me.


I am glad to see you are not conducting high risk activities (yet).

When conducting high risk activities, the primary concern is not your data, it is your personal safety. Adversaries hack your device, steal your data, threaten your close ones, to GET YOU (in order to dismantle your future campaign or operation), YOU are the real target, again, IT’S YOU (AND YOUR ALLIES), NOT YOUR DATA.

Please keep that in mind and build your future setup and protocols based on this.

Sorry for the late response.

That is no threat in my current setup.

Cryptomator? Sorry, I don’t see anything haha

This is good tbh. That means that for normal activities, protecting against every threat (except targeted government attacks) I’m pretty good with my setup. So, my setup is not really complicated for me and I can now say I have a pretty good, private and secure backup and data security setup! Thank you :slight_smile:

That is clear to me but still thank you for reminding me!

If you got the answer you need, it would be nice if you flag that post as the answer, so people (like me) know the question is solved.

1 Like