Encryption, 2FA, cloud files, rabbit hole - help!

I decided to change my 2FA from Authy to 1Password (I get the pros and cons of having 1P do both but I feel ok after spending way too long reading up on it).

This, however, led me down a rabbit trail of updating weak passwords at various sites, enabling 2FA,

THEN - I got to fretting about whether I should have an extra layer of protection (encryption? password protection?) for a few of my cloud-based files (e.g., tax info, for a time my 1Password emergency kit, etc.). These are all in Dropbox or Google Drive, which THEMSELVES are protected by 2FA, but I just wondered should I get a life – or should I worry further still about FURTHER protecting these?

I was all set to install and try out Boxcryptor, but saw that they just sold to Dropbox and are not allowing new accounts (neither is the functionality apparently available in Dropbox yet). I did simple pdf password protection of all my tax files within Dropbox, but just wonder if enough is enough or I should sensibly be doing anything else?

If you have a NAS, you can move your cloud files (encrypted) to your NAS folders, then back up to Google Drive or OneDrive, etc., using a user-defined passphrase for encryption.

I think there may be other neater solutions that others can offer, but this is one that I can come up with for now.

As far as encryption, you could also look into Cryptomator.

I prefer to keep sensitive data in dmg files encrypted with a long randomly generated password. And I keep an extra copy of things like tax returns in 1PW.

Geez, I confess I don’t know what that means exactly or how to do it. Is that using Disk Utility to convert a file or folder to a .dmg file? And then I can add a password?

Yep. 👍

VeraCrypt is precisely what you want and works much better than a disk image. It is also cross-platform. You can create an encrypted container and mount it with the key. It uses extremely strong encryption.

Security-wise, would you be comfortable storing an encrypted dmg on something like Backblaze B2 (which itself is encrypted) or iCloud Drive?


In the U.S. “There are three levels of security clearance : confidential, secret, and top secret.”

“(6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level.”

IMO, that should be good enough for my tax records.

CNSS Policy No. 15, Fact Sheet No. 1 (nist.gov)

Thanks. 1Password will generate a random 100 character password. I’ll use that for my encrypted dmg.

100 character password? That makes me think you are either protecting launch codes or Wonder Woman’s phone number 😀


Unfortunately it’s the former not the latter. 😀

This is what I do, storing them on iCloud Drive. On iOS I use Disk Decipher.

I almost never need sensitive data, that’s not in 1PW, when away from the office. But when necessary I’ve been using an encrypted APFS external drive.

It appears Disk Decipher would allow me more flexibility. Thanks for the tip.

A life is a wonderful thing, I highly recommend it.

I keep my tax records, etc. in 1PW and in encrypted dmgs on my laptop. I keep just about everything else in my Google Workspace account. My GW files sync to my laptop and everything is backed up locally and to Backblaze B2 via Arq. (I also keep a hard copy of my 1PW emergency kit around because one day I’m not going to boot up.)

Privacy and security is important. But those terms are especially important to marketing departments who are trying to sell you something. Seven years of tax and bank records, digital copies of my birth certificate, passport, drivers, & pilot licenses, etc and everything else that I consider sensitive could fit on a thumb drive. It doesn’t take much to store and protect them.

My medical records are all online. I can access billing, test results, medications, etc. through an app. Information like my name, address, birthdate, place of employment, etc. is public knowledge. Regular email isn’t private; the best we can do is protect our account so others cannot use it. And I don’t worry about anything that I know is available on a commercial background or credit report.

IMO, we should protect the few things that can be protected and use reasonable caution with everything else.
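
The approach several replies in this thread describe (encrypting a folder locally with a passphrase before it is stored in Dropbox, Google Drive or another cloud service), as an added example that is not part of the original thread or any poster's own setup. It assumes OpenSSL 1.1.1 or later and tar are installed; the function names `seal` and `unseal`, the paths and the iteration count are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ and tar.
# Function names, paths and the iteration count are illustrative.

KDF_ITER=600000   # PBKDF2 rounds: each passphrase guess costs this much work

# seal <folder> <passphrase-file> <output.enc>
seal() {
    local src=$1 passfile=$2 out=$3
    [ -d "$src" ] && [ -r "$passfile" ] || return 1
    # Archive first so file names are hidden too; stream through a pipe so no
    # plaintext copy is written to disk. The passphrase comes from a file, so
    # it never appears in the process list.
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" |
        openssl enc -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" -salt \
            -pass "file:$passfile" -out "$out"
}

# unseal <input.enc> <passphrase-file> <destination-dir>
unseal() {
    local enc=$1 passfile=$2 dest=$3
    [ -r "$enc" ] && [ -r "$passfile" ] || return 1
    mkdir -p "$dest" || return 1
    # `openssl enc` is unauthenticated: a wrong passphrase yields garbage, so
    # the function's status is tar's verdict on the decrypted stream.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" \
        -pass "file:$passfile" -in "$enc" 2>/dev/null |
        tar -C "$dest" -xf - 2>/dev/null
}
```

Only the `.enc` file goes into the synced folder; the passphrase file stays out of it. Because this mode carries no integrity check, it protects confidentiality only, so keep a separate checksum if you need to detect modification of the stored file.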