Old Phone as Air Gapped Backup?

I’ve been working on personal security + privacy as I switch to GrapheneOS. Going well so far. I am looking for a good way to back up my password manager (bitwarden) and had the idea to use my now ‘old’ iPhone.

Is using my old iPhone to do this with say, Strongbox (i used to use it), a stupid idea? It seems okay to me. The only problem I’m thinking is that eventually the phone might not boot (battery issues from lack of use/charging) or might be susceptible to attacks due to not being patched after a while, but that’s not really something on my radar as long as I have the phone in my possession. It seems like it might be better than the alternatives, namely:

  • printing/writing copies and keeping in a safe (…that i don’t have)

  • keeping a copy, encrypted or possibly not, on a standalone drive (and keeping a portable password manager i can run on it as well).

My issue with the hard copy + safe is that I feel this is the easiest one to have something silly happen with. I could easily see myself putting it somewhere ‘safe’ and either losing it or disposing of it improperly.

The issue with the standalone drive is I feel I could easily forget/lose whatever passwords/PINs used to encrypt, and then it’s useless, or it gets lost/overwritten/breaks, etc–would not be the first time a flash drive was suddenly unusable in my experience.

The iPhone would still be able to use my biometrics as long as it could boot; nothing to forget. I probably wouldn’t lose it, considering i still have my other old phones, and if lost or in the wrong hands, the vault itself would still be encrypted, not to mention all the built-in security of the phone itself.

What do you think?

1 Like

I mean, the idea works, but it’d be a hassle to get data off there thanks to Apple’s weird way of handling user files

1 Like

I’m thinking of just accessing data through iOS + apps rather than directly accessing files, so not a problem to me

No phone—iPhone or otherwise—will allow you to use biometrics after it boots.

Otherwise you’re probably fine, you’d just have to boot it every so often to make sure it still works and you can access the data on it—as you would for any backup—but since you’d have to turn it on to put your latest backups on it every so often anyways, it’s probably covered.

If your data is sensitive, remember the 3-2-1 rule for backups, and figure out a way to keep a third copy of your data off-site. If you are using Bitwarden on your GrapheneOS phone which is saved to the cloud (off-site), plus a Strongbox/KeePass backup of that data on your iPhone, you’re pretty much covered :+1:

1 Like

ah, good point on the post-boot requirement for PIN rather than biometrics! and yeah, I was thinking keep backup phone off-site and have a separate cloud backup, in addition to Bitwarden