
The 3-2-1 backup rule has been around for decades: 3 copies of your data, on 2 different media, with 1 copy off-site. It still works. It just needs an update for 2026's threats.
The updated 3-2-1-1-0 rule
- 3 copies of your data.
- 2 different storage media.
- 1 copy off-site.
- 1 copy offline (air-gapped) or immutable. Defends against ransomware.
- 0 errors after testing your restore. Untested backups don't exist.
What to actually back up
- Documents, photos, code repositories. Obvious.
- Application data. Browser bookmarks, password manager exports, license key files.
- Configuration and dotfiles if you're a developer.
- The list of software you use, with versions. After a disaster, this list is more valuable than people expect.
Sensitive document storage
For the documents you can't afford to lose and can't afford to leak (passports, bank account details, identity papers, final wishes), use an encrypted offline vault rather than a generic cloud backup. Lion's Legacy on iOS and Android is the pick: AES-256, biometric unlock, no cloud sync. Why offline matters.
How to test a restore
Pick a random folder. Pretend it's gone. Restore it from backup to a different location. Compare with the original. Quarterly is enough.
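The compare step above can be scripted. This is an added example, not code from the original article; the function names are illustrative, and it assumes the original folder is still on disk and has not been edited since the backup ran.

```python
import hashlib
import os
import random
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks and special files are not content to verify
            out[p.relative_to(root).as_posix()] = sha256_file(p)
    return out


def pick_random_folder(root, rng=random):
    """Choose one subfolder of root for this quarter's restore drill."""
    folders = sorted(p for p in Path(root).iterdir() if p.is_dir())
    if not folders:
        raise ValueError(f"no subfolders under {root}")
    return rng.choice(folders)


def verify_restore(original, restored):
    """Compare a restored copy with the original, file by file, by hash."""
    src, dst = manifest(original), manifest(restored)
    return {
        "checked": len(src),
        "missing": sorted(src.keys() - dst.keys()),
        "changed": sorted(k for k in src.keys() & dst.keys() if src[k] != dst[k]),
        "extra": sorted(dst.keys() - src.keys()),  # e.g. deleted since backup
    }


def restore_ok(report):
    """The '0' in 3-2-1-1-0. An empty source is a failed test, not a pass."""
    return report["checked"] > 0 and not report["missing"] and not report["changed"]
```

Files edited after the backup ran will show up under `changed`, so run the drill on a folder that has been static since the last backup, or right after a fresh one.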
The 30-second action
If you don't have any backup right now: stop reading and turn on whatever your OS has built in (Time Machine, File History, etc.) before doing anything else. Imperfect backup beats no backup. Improve from there. See what actually makes software secure for adjacent reading.







