The 3-2-1 backup rule

I guess we all know this saying and I guess all of us have already advanced from type 2 to type 1 a long ago:

There are two types of people :

  1. People who do backup
  2. People who will start doing backup

Author: life, for sure 🙂

If we talk about backups, there is also one another pretty wise rule: The 3-2-1 backup rule:

3-2-1 backup rule:
3: Create one primary backup and two copies of your data.
2: Save your backups to two different types of media.
1: Keep at least one backup file offsite.

While I have never had any issues with the first two points, keeping the backup offsite was somehow problematic for me. A cloud is a convenient solution, however, I always felt remorse after putting my important data there for
various reasons:

  • The security of the cloud provider can be compromised and my data will leak
  • The data can be potentially accessible by cloud provider’s employees
  • I believe the uploaded data is often (if not always) collected by intelligence agencies
  • Cloud providers (like Google or Microsoft) already know too much about me (in case of Google, you can Download your data) to check what and how much it is. To me, the result was scary)

Sometimes people say they do not care as they have nothing to hide. I would rather say my data is not someone’s else business. No matter whether I have anything to hide or not.

Cryptomator for the rescue!

To mitigate this issue at least a bit, I used i.e. password-protected archives or GPG encryption (by using a certificate uploaded to U2F key). However, none of them were as convenient as Cryptomator ( because I had to encrypt/decrypt files myself.

Basically, Cryptomator will create a vault – a password-protected folder. The folder can be stored locally (on your PC or phone) or in the cloud (i.e. Google Drive, OneDrive, etc.). The only thing you have to remember is a password.

PC (Windows, Linux)

Once you unlock the vault, the Cryptomator will mount a drive where all files are accessible. When new files are put there, Cryptomator will do the encryption on the fly and place them inside the vault (encrypted folder). If the vault is synced with the cloud, the encrypted files will then be transferred.

Cryptomator windows app - source:
Windows app with several vaults (source:


The Android app also works flawlessly. It is possible to create a local vault or connect to several cloud providers:

Cryptomator windows app - source:
An Android app with several vaults (source:

Vaults can be browsed and new files can be uploaded there. The APK can be downloaded for free or purchased from Google Play.

macOS and iOS are also supported.

Why Cryptomator?

I use Cryptomator for several cloud providers and local folders for some time. Why I can recommend it without any hesitation?

  • it is open source: Cryptomator GitHub
  • it is completely free, you can donate it if you like
  • it offers apps for all platforms
  • it is extremely easy to use
  • last but not least, it just works!

How to download it?

You can use Windows Package Manager (see winget – Windows is not that bad):

winget install --id=Cryptomator.Cryptomator -e


Will it solve all my problems?:)

Just because I have an Android phone, I use Google tools heavily as well as I have Windows on my machine. Therefore, Google and MS can run Big Data queries on GBs collected about me:/ Still, Cryptomator adds another level of protection, at least over my most sensitive data in the cloud. Easily and for free! If you have not used such a tool yet, just give it a try.

P.S. There are also other alternatives worth looking into, like BoxCryptor or VeraCrypt. In my case, Cryptomator was still the best choice.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *