this post was submitted on 13 Dec 2025
-24 points (26.0% liked)

Selfhosted


So I'm using Bitwarden self-hosted and now I'm freaking out about the very real possibility of my passwords getting stolen or lost in a fire. Having passwords on my phone makes no sense.

We need some sort of distributed password manager safety net. Like I keep your passwords safe if you keep mine. But how can I trust you? Can you trust me?

[–] lka1988@sh.itjust.works 3 points 21 hours ago* (last edited 21 hours ago)

I use Syncthing to sync my database between my laptops, desktop, work computer, personal phone, work phone, and my NAS (which gets everything and is set to never delete anything). NAS is backed up weekly, and the password database is also backed up to a few trusted cloud services.

[–] zewm@lemmy.world 39 points 1 day ago (1 children)

How many drugs have you done today?

[–] irmadlad@lemmy.world 3 points 1 day ago

Just one marijuana

[–] hoserhobbes@lemmy.ca 34 points 1 day ago

Back up your data... Including the vault. Cold storage isn't too expensive

[–] vas@lemmy.ml 7 points 1 day ago* (last edited 1 day ago) (1 children)

It's a bit sad that you're downvoted so hard. You obviously have good intentions, just not having a good grasp yet if I may be frank. The solutions in this post are what you should follow IMO. In short, USB thumb/hdd drives with your important data. Encrypt the whole USB if your devices are under Linux if you wish. Use a proper password manager like KeePass to secure it additionally, with a strong master password of course.

[–] altphoto@lemmy.today 2 points 1 day ago (1 children)

No worries. I am taking notes on all that is said. I should probably work with my brothers in law to back up their stuff here so they can let me backup my stuff there. That way if my house goes up in flames I can drive there and get me a copy. Lots of good ideas being posted.

[–] vas@lemmy.ml 0 points 21 hours ago

Yeah that's a great idea! I use that too. An encrypted USB drive makes sure you can trust the data not leaking, and spaced repetition can (should) be practiced to memorize the password. Then you're good I'd say.

[–] MaggiWuerze@feddit.org 26 points 1 day ago (2 children)

Why would your passwords be stolen? If you have a good master password you could pass around thumb drives with the database and no one would be able to access them, since they are securely encrypted. Having them on your phone makes no difference as long as you don't leave your phone and password manager app unlocked and out in the open (which both actively warn you against).

[–] BCsven@lemmy.ca 6 points 1 day ago (1 children)

Use a yubikey hardware device, only the person with the hardware in hand and password can unlock your accounts

[–] MDCCCLV@lemmy.ca 5 points 1 day ago (1 children)

You don't want that as the only option though, because you can definitely lose that and it's not incredibly hard to break.

[–] BCsven@lemmy.ca 1 points 1 day ago* (last edited 1 day ago)

The solution to that is you purchase a backup key and enroll both when presented with the QR image for new OTP links, or add a secondary FIDO key on some accounts. Then you store the other one in a fireproof box.

Or you use a cryptographic key and print it out using shard tool. The shard tool lets you specify how many splits and how many required for a rebuild. It prints out the shards and you distribute to safe places or people. They are useless by themselves but if you scan in the required amount of pieces the tool will rebuild your cryptographic key.

[–] BCsven@lemmy.ca -4 points 1 day ago* (last edited 1 day ago) (1 children)

Just takes a brute force or 0 day vulnerability to get master password access, then they have everything.

Something that seems secure never is online, like the 2017 Intel management vulnerability where remote attackers could access your computer by sending a null password, and access your keyboard and camera etc.

[–] hummingbird@lemmy.world 1 points 1 day ago (1 children)

That's why tools like keepass allow you to require more than just a password to decrypt.

[–] BCsven@lemmy.ca 1 points 1 day ago

Yes 2FA is good, but most people default to their phone being the tool, but your phone number can be ported by scammers, or is often the target of theft

[–] scott@lem.free.as 1 points 18 hours ago

You could always use Shamir's Secret Sharing (SSS) and distribute your password recovery amongst trusted but unrelated friends.

[–] eksb@programming.dev 11 points 1 day ago* (last edited 1 day ago) (1 children)

But how can I trust you?

You can't.

Can you trust me?

No.

Use https://www.passwordstore.org/. Sync it to a trusted person's git server. Put the gpg key on a usb stick and give it to them. Write the password to the GPG key on a piece of paper and give it to your lawyer with instructions to give it to your trusted person in the event of your death.

[–] altphoto@lemmy.today 1 points 1 day ago* (last edited 1 day ago)

This is interesting. Just recently two of my few YouTube personalities passed away. A co-worker too. My co-worker definitely had no plan and his family was left high and dry. We had Robert Murray Smith who was broken when his wife passed and he used science to go follow her. His brother quickly left his followers a message. Finally a photographer who did darkroom demos and such also died. His channel says nothing about it. So YouTube is probably making money off dead people. https://www.youtube.com/watch?v=mElL9M5GhG4 Bill Schwab

[–] blitzen@lemmy.ca 17 points 1 day ago (2 children)

So your solution to password theft is to make sure other people have them?

[–] wesker@lemmy.sdf.org 5 points 1 day ago

End passwordlessness.

[–] litchralee@sh.itjust.works 4 points 1 day ago* (last edited 1 day ago) (1 children)

For a single password, it is indeed illogical to distribute it to others, in order to prevent it from being stolen and misused.

That said, the concept of distributing authority amongst others is quite sound. Instead of each owner having the whole secret, they only have a portion of it, and a majority of owners need to agree in order to combine their parts and use the secret. Rather than passwords, it's typically used for cryptographically signing off on something's authenticity (eg software updates), where it's known as threshold signatures:

Imagine for a moment, instead of having 1 secret key, you have 7 secret keys, of which 4 are required to cooperate in the FROST protocol to produce a signature for a given message. You can replace these numbers with some integer t (instead of 4) out of n (instead of 7).

This signature is valid for a single public key.

If fewer than t participants are dishonest, the entire protocol is secure.

[–] blitzen@lemmy.ca 1 points 22 hours ago* (last edited 22 hours ago)

I remember learning about Shamir's secret sharing, and indeed the concept is fascinating. I’m not sure passwords is the best use case of something like that, but I’m not completely against it in theory.

[–] PHLAK@lemmy.world 2 points 23 hours ago

This is what an OFFSITE backup is for.

[–] TheFogan@programming.dev 10 points 1 day ago (1 children)

IMO I don't see why you get a second human involved. Store the database in an encrypted form... save a copy to some cloud service. Why count on another human for it

[–] altphoto@lemmy.today 4 points 1 day ago (5 children)

In case my house burns down. I guess a USB in the car would be good.

[–] Dave@lemmy.nz 8 points 1 day ago (1 children)

What's your solution to this problem for the rest of your digital life?

[–] tribut@infosec.pub 8 points 1 day ago* (last edited 1 day ago)

This! OP is asking the right questions, but making a copy of your passwords does not cut it. Find a place to backup ALL your important data (that will be accessible when the house burns down).

I'd refer you to one of the latest episodes of the privacy, security and osint show, but I don't remember the number. So, basically, Michael's solution to that is to get an SD card, place it into a hollow coin and hide it in one of his friend's house, so that he can later ask 'em to retrieve it 🤣

[–] atzanteol@sh.itjust.works 5 points 1 day ago

Cloud backups.

[–] Onomatopoeia@lemmy.cafe 1 points 1 day ago

Sync it to a cloud

[–] frongt@lemmy.zip 3 points 1 day ago (1 children)

Would a hurricane destroy both your house and car in one event?

[–] altphoto@lemmy.today 3 points 1 day ago (1 children)

Darn! I'm North of Seattle. No hurricanes here, just slow annoying rain. Think of rain, but then imagine it only stops a couple of days of the week. Keep imagining rain, remove the Forest and the frogs and the birds. I would add rabbit squirrel, coyote, and the occasional bear or reindeer... All of them making wet sounds. Moss and algae and mycelium covering everything. Then imagine a shower with a misting effect but for every million droplets remove all but 1 droplet. That's our rain. Everything is fucking wet all the time but just not enough to wash things clean or sometimes even to keep trees happy. Imagine having to water your plants because the daily rain wasn't wet enough. You know when you have a sink full of dishes so you fill it with water, but then you get a call about a relative in the hospital so you leave for a month and come back to the dishes but now all of them have these water evaporation and dry sludge lines? Yup that's outside. I feel for the homeless here.

[–] shertson@mastodon.world 1 points 18 hours ago (1 children)

@altphoto

OMG, I love that description. I lived just outside Seattle as a kid before moving to the North East. Trying to explain to folks here that it may rain constantly out there but that you get less rain all year than the NE gets in the spring alone usually leaves me exhausted and the listener annoyed.

I need to bookmark this.

[–] altphoto@lemmy.today 1 points 18 hours ago

Thanks. That was my morning rant because it was sort of raining.

[–] shiftymccool@piefed.ca 3 points 1 day ago

Backups are the most overlooked part of getting into self hosting. You're basically a sysadmin now, you have to act like one. Get remote storage (cloud, friend / family house, hdd in a safety deposit box, etc...) and get your 3-2-1 on