by toomuchtodo 1981 days ago
Keep a copy in there if you want for convenience, I argue you’ll still want a paper backup somewhere. Opsec is hard, people are fallible.

“What was the password?”, “Where’s the Yubikey?”, etc. These are not the failure scenarios you want to encounter during a tragedy (speaking from experience).

Bank safety deposit box is probably a good option for backup, it's very unlikely that both your home and the bank will burn down at the same time.
My house, several of my friends' houses, my insurance agent's office, my vet, all burned down in the same wildfire a few months ago. Local banks were destroyed along with everything stored in them, and we nearly lost our kids' school. Standing at the remains of my house, looking around at the destroyed community, it looks like we were firebombed. Not modern precision strikes... WWII scale, wrath of god, miles of destruction firebombed.

Anyway, I'm just saying that things you think are safe, really aren't. It's inconceivable that two houses across town from each other would burn down on the same day, until they do. Probably not going to happen, but sometimes it does.

Thankfully, my wife grabbed the binder with accounts and passwords, along with the kids and pets, when she evacuated, while I was stuck on a backed-up freeway an hour away.

I've been very conscientious since then about keeping both a physical and digital copy of everything important. I would never trust digital alone, but a physical copy just isn't reliable enough.

What if you keep a digital backup in your car? The mobility of your car should spread the risk. If your house burns down during work hours your data will be safe.
A pile of papers will probably survive a lot better than a valuable object, at least.
The bank across the street from me is 100% burning up in the same fire as my apartment if the California wildfires get to me.
Fires are strange beasts. Sometimes one house in a street will survive completely unscathed and the rest all burn down to nothing.

A street is a firebreak. An earthquake might level you and them but a fire won't necessarily.

A lot of banks have been phasing this product out, but if your bank supports it, I highly recommend it. Usually, they’ll even allow you access with a drilling fee if you’ve lost the key but can show multiple forms of ID. Whether this is good or bad depends on your threat model.
What's a good, safe place to store the key?
Either on your keyring or in your fire safe. As I mentioned, if you lose it, you can get the lock drilled at the bank with sufficient ID. All trust waterfalls to meatspace trust providers, just like if you lose your Yubikey, AWS support will reset your hardware 2FA with sufficient evidence you are you.
Just a note about safes... our community had a wildfire sweep through, and I have not heard of any fireproof safes actually working. Some were cracked open, or were so compromised they could be snapped apart by hand; some survived, but there were only ashes and melted metal at the bottom. I'm sure I didn't hear about the successes, only the failures, but still...

I don't want people to proceed with the notion that those safes are actually fire-proof. Consider them 'fire-resistant' safes that conditionally offer some extra protection.

Every single one of them probably "worked" as designed and marketed, or close enough. Safes don't claim to be fireproof and will clearly state something like "Fire protection for 1/2 hour at 1400F." Very few get into "Likely to survive the total burn-down of a home" territory.
Fire safes AFAIAA are rated by time normally, so they'll be rated to withstand a fire for an hour - giving time for the fire services to extinguish it. A safe that survives a whole house burning to the ground seems like almost an impossibility.
Safety deposit box at a different bank
I think giving a USB key or login details with access info to your password manager to a trusted friend or family member might be preferable to having a paper binder that could be lost in a disaster situation.
You'd have to account for bit rot though
I recently looked at an old USB key that had some JPGs stored from ~5 years ago.

I was astonished to see that over 50% of the photos had some sort of bit rot that broke the JPG rendering. Many photos would display correctly at the top until the row where the damage occurs and then display grey for the remainder.

This definitely occurs more than you would think on USB keys.

You could generate parity files to guard against this. There was some discussion recently here about tools to do it. One example that is decent is https://github.com/brenthuisman/par2deep
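
An added illustration of the parity idea raised in the comment above; it is not part of the thread and is not how par2deep works. PAR2 uses Reed-Solomon codes, while this sketch uses per-block SHA-256 hashes to find damage and a single XOR parity block to repair it, so it can fix only one damaged block. All function names and the sample data are constructed for the example.

```python
from __future__ import annotations
import hashlib
from functools import reduce

BLOCK = 16  # bytes per block; tiny so the constructed sample spans several blocks

def split_blocks(data: bytes, size: int = BLOCK) -> list[bytes]:
    """Split data into fixed-size blocks, zero-padding the last one."""
    padded = data + b"\x00" * (-len(data) % size)
    return [padded[i:i + size] for i in range(0, len(padded), size)]

def xor_blocks(blocks: list[bytes]) -> bytes:
    """Byte-wise XOR of equally sized blocks."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)

def make_recovery(data: bytes) -> dict:
    """Build the recovery record to keep alongside (or apart from) the backup."""
    blocks = split_blocks(data)
    return {
        "length": len(data),
        "hashes": [hashlib.sha256(b).hexdigest() for b in blocks],
        "parity": xor_blocks(blocks),
    }

def verify_and_repair(stored: bytes, rec: dict) -> tuple[bytes, list[int]]:
    """Return (data, damaged block indexes); repair if exactly one block is bad."""
    blocks = split_blocks(stored)
    if len(blocks) != len(rec["hashes"]):
        raise ValueError("file was truncated or extended; parity cannot help")
    bad = [i for i, b in enumerate(blocks)
           if hashlib.sha256(b).hexdigest() != rec["hashes"][i]]
    if len(bad) > 1:
        raise ValueError(f"{len(bad)} damaged blocks; one parity block cannot repair them")
    if bad:
        # XOR of all intact blocks and the parity block yields the missing block.
        good = [b for i, b in enumerate(blocks) if i != bad[0]]
        blocks[bad[0]] = xor_blocks(good + [rec["parity"]])
        if hashlib.sha256(blocks[bad[0]]).hexdigest() != rec["hashes"][bad[0]]:
            raise ValueError("repair failed; the parity block is damaged too")
    return b"".join(blocks)[:rec["length"]], bad

# Constructed sample: a short recovery-codes file, then one flipped bit.
ORIGINAL = b"bank: 1111-2222\nmail: 3333-4444\nvpn: 5555-6666\n"
RECOVERY = make_recovery(ORIGINAL)
ROTTED = bytearray(ORIGINAL)
ROTTED[20] ^= 0x04  # simulate bit rot inside block 1
```

The recovery record is only useful if it is stored on different media from the data it protects, since rot that hits both defeats the repair.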
Even for personal safety you need layers of backups. My phone recently lost all data after it botched its own update, and restoring some keys has been a true pain. I've a binder with almost all of the important authenticator tokens or relative recovery codes, but some bank applications do the OTP setup on their own app side channel and required a lot of paperwork and calls to get it fixed.