Philip Newton (pne) wrote,

Password safe Catch-22

You may have heard how Mat Honan’s accounts got hacked and most of his data wiped.

Today, I read a story of how he got his data back.

One bit that resonated with me was a Catch-22 he described about getting his passwords back:

I’m a heavy 1Password user. I use it for everything. That means most of my passwords are long, alphanumeric strings of gibberish with random symbols. It’s on my iPhone, iPad and Macbook. It syncs up across all those devices because I store the keychain in the cloud on Dropbox. Update a password on my phone, and the file is saved on Dropbox, where my computer will pull it down later, and vice versa.

But I didn’t have it on any of our other systems. So now I couldn’t get to my keychain. And so I was stuck in a catch-22. My Dropbox password was itself a 1password-generated litany of nonsense. Without access to Dropbox, I couldn’t get my keychain. Without my keychain, I couldn’t get into Dropbox.

And I have pretty much the same setup (with s/1Password/Password Safe/).

So perhaps I should write down at least the Dropbox password somewhere safe, so that I can get back to my password safe database.

Though I do also have a copy of the password safe database on an external hard drive (which may be out of date since I do that backup manually, with Unison, but the Dropbox password is not likely to change, so even a two-month-old password safe database would help) and use CrashPlan to back up my main computer (including the Dropbox folder) both to the CrashPlan cloud and to that external hard drive.

Now, I’m not completely safe since I don’t have a hard drive I store off-site, but I think that might help.

Still: back up your data regularly! Have a backup plan in place! Best if it works automatically so that you can’t forget to back up updated data. I’m fairly happy with CrashPlan so far, but go with whatever works for you.

Ideally, test your backups to make sure they still actually hold your data. Admittedly, I’ve never done a full restore simulation from CrashPlan, but I have restored individual files and folders occasionally through their web interface (mostly as a way of accessing files from my home computer on another one, such as my work computer), and did get my data. (The metadata was sometimes off, though; at one point, everything was dumped into a single folder in the ZIP file rather than in the original folder hierarchy, and at another, the timestamps were all “now”, or maybe that of the most recent backup event, rather than the timestamps as they were stored on the disk.)
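One way to automate such a restore test, as an added example that is not part of the original post: the Python sketch below compares a restored tree against the live one and separately reports files that are missing, corrupted, restored under a different path (the flattened-folder case) or restored with changed timestamps. The function names, the two-second timestamp tolerance and the sample file names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map relative path -> (sha256 hex, mtime in whole seconds) for each file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix():
            (hashlib.sha256(p.read_bytes()).hexdigest(), int(p.stat().st_mtime))
        for p in root.rglob("*") if p.is_file()
    }

def verify_restore(original, restored, mtime_slack=2):
    """Compare a restored tree with the live one and return findings per category."""
    src, dst = snapshot(original), snapshot(restored)
    by_hash = {}
    for rel, (digest, _) in dst.items():
        by_hash.setdefault(digest, []).append(rel)
    report = {"missing": [], "corrupt": [], "moved": [], "mtime_changed": []}
    for rel, (digest, mtime) in sorted(src.items()):
        if rel in dst:
            r_digest, r_mtime = dst[rel]
            if r_digest != digest:
                report["corrupt"].append(rel)
            elif abs(r_mtime - mtime) > mtime_slack:
                report["mtime_changed"].append(rel)
        elif digest in by_hash:
            # Content survived but its path did not: the hierarchy was flattened.
            report["moved"].append((rel, by_hash[digest][0]))
        else:
            report["missing"].append(rel)
    return report

def demo():
    """Constructed sample: a restore that dropped folders and reset timestamps."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, rest = Path(tmp, "orig"), Path(tmp, "restored")
        (orig / "docs").mkdir(parents=True)
        rest.mkdir()
        for rel, data in {"docs/pwsafe.psafe3": b"db", "notes.txt": b"hello"}.items():
            (orig / rel).write_bytes(data)
            os.utime(orig / rel, (1_300_000_000, 1_300_000_000))  # old timestamps
            # The constructed "bad" restore: same bytes, folder dropped, mtime = now.
            (rest / Path(rel).name).write_bytes(data)
        return verify_restore(orig, rest)

if __name__ == "__main__":
    print(demo())
```

Files that changed on the live disk after the backup ran will show up as corrupt, so run the comparison against data that has not been modified since the last backup.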

Tags: backups