Which FileVault 2 recovery option is more secure - storing the recovery key in iCloud, or saving it somewhere yourself?

security filevault icloud encryption recovery

Which would be more secure?

The answer to this can only be determined by you

What you have to do is find the balance between usability and security and that balance can only be determined by what you are comfortable with.

It's not so much where you store your passwords/recovery keys/etc. but how you store them. There are many levels of encryption that you could employ from a basic AES-256 to using Steganography to embed triple encrypted salted and hashed keys.

The more complex you make it, the more secure; the cost being the more inconvenient it becomes to access your data. Likewise, the corollary is also true, the less complex the security, the less secure but the payback is easier access to your data.

So, what you have to do is a simple risk assesment:

  • The value of the data to you (i.e. what's it worth to you?)
  • The importance of the data (can you live without it?)
  • The cost of the data (how much did/would it cost you to (re)create?)
  • How accessible do you need it (every day, every year, once in a lifetime?)

Granted, this is a very abridged version, but should suffice for this scenario.

Use the answers to the question to see what makes the most sense keeping in mind that the moment you place the data on someone else's servers (meaning the cloud) you inherently introduce risk into the equation.

Ahh...but with that last statement, you might be thinking "I should store it offline." That's a possibility, but then you introduce the issue of losing your data should you misplace the device (i.e. USB flash) that you placed it on.

What do I do?

My critical stuff is on a USB that is disguised as an innocent looking object. It's backed up to another USB that is placed in a safe in an undisclosed location.

My "not so critical stuff" is encrypted, then put on a cloud provider for ease of access.

But, that's what works for me. YMMV


Saving it somewhere yourself is more secure as long as that somewhere else is memorized in your own brain. Otherwise the answer to this isn't static.

iCloud can have vulnerabilities and so can Dropbox. Knowing about some vulnerabilities only informs you about those that have become public. Right now we might possibly know about a vulnerability in iCloud, but tomorrow that could be patched and 12 vulnerabilities in Dropbox could be revealed.

I would consider them to be basically equal if you aren't going to memorize the recovery key.

As an aside, I don't memorize my own keys, I keep them in Dropbox using 1Password

Related

Recover and decrypt email app password
Export PPT as mp4 or mov in PowerPoint
Missing purchased tab in App Store and Family Sharing in iOS 11
Interjection of exasperation or frustration when something is not working properly
What's the difference between "family affair" and "family stuff"
What's the word for horse-headed human? (Opposite of a centaur)
Origin of pronunciation of "er" as "oi"
Is there a single word for "a sub-component of a scientific contribution?"
What’s the word(s) that means a person who stands for something only for the recognition?
Is it incorrect to omit the "to" after the object after "round" like "Round your answer one decimal place"?
A "team" has or have an assigned task?
Does a "two-fold decrease" result in a 'quantity - 200%' or a 'quantity/2'? [closed]