3 copies, 2 formats, 1 big problem: Why modern backups fail
The 3-2-1 backup rule is the gold standard for data backup. I recommend it often, as do most experts. But it’s hard to ignore the fact that some aspects of this backup approach are becoming outdated and it may be time to rethink them to make your data more secure.
The 3-2-1 is not wrong, but it needs some adjustments
Still necessary, but slightly outdated.
The 3-2-1 save rule follows a simple set of principles. To ensure you don’t lose your data, you should store three copies in total on two different types of storage media and always keep one copy in another physical location. This method, introduced in 2005, remains the gold standard for secure data backup, and I’m not here to dispute that.
That said, certain aspects should have evolved over time.
When this rule was first invented, most people were still using hard drives as their primary drives, and the average user wasn’t too concerned about backing up their data. Cloud storage services existed, but were not widespread. Smartphones were in their infancy.
Now that it’s 2026, perhaps it’s time to collectively update the 3-2-1 rule.
Why the 3-2-1 Rule Doesn’t Always Fit a Modern Backup Routine
Some of it needs updating, but there’s so much more to it than that.
Reading forums and Reddit, I often encounter the 3-2-1 rule interpreted too literally. Back when this method was first introduced, CDs and DVDs were both still valid forms of storage, so the “two different types of media” idea made sense. But these days, most people don’t use different types of devices, and optical discs have joined the list of storage types that are officially too old.
Requiring different types of storage can be complicated for people who, for example, own multiple SSDs and don’t want to purchase a hard drive for the sole purpose of cold storage. (Although hard drives are still the best option for cold storage, that’s another conversation.)
A better, more modern approach would be to simplify it and just use two different storage devices, regardless of their type.
Cloud storage is another thing that has evolved significantly since 2009. Many users are much more aware of the dangers of cloud storage, but the potential threats have also changed, leaving a dramatically changed data storage landscape in their wake.
These differences leave us in a strange situation with the 3-2-1 rule, where it doesn’t really fit what many people do. It’s either too much or not enough.
It’s not only outdated, it can be dangerous
The 3-2-1 rule only works when you are vigilant
In 2026, many people follow the 3-2-1 rule entirely by chance. Taking photos often means they are immediately uploaded to the cloud, as many other files do if you use a cloud storage service. But unless configured otherwise, these files are sometimes synced rather than backed up, which simply puts them more at risk from all connected devices while making them easier to delete.
These days, the 3-2-1 rule is as strong as the separation between your different copies. If all three live under the same ID within the same ecosystem, you might as well only have one copy, because if something happens to one, the other copies could suffer the same fate.
Modern attacks often intentionally seek backups. As long as all your backups are on the same network or cloud storage, they are never completely secure.
This is where people accidentally build three copies that all suffer from similar risks. If your backup is accessible like a normal drive, it is not a safe place to store your files. Meanwhile, in the cloud, while most services back up your backups multiple times, you are still dependent on an external service that is outside of your control. And if an attacker gets your credentials, they can easily access all your files.
This gives merit to this part of the “two different types of storage” rule, but it essentially boils down to having two entirely separate devices. Personally, I don’t count the cloud among these two for my most important files: I consider it an extra, provided I even feel like I can trust the service in the first place. It’s often safer to create your own offline NAS, especially now that Windows 10 PCs can be turned into one at minimal cost.
So yes, 3-2-1 still works, but it’s no longer an automatic failsafe. And that’s part of the reason it needs to be both simplified and strengthened: it can make you feel finished when you’re not.
Reframe your backups to stand the test of time
Stick to 3-2-1, but consider branching out
Many people don’t have a lot of data that they couldn’t do without. When a relative of mine lost all his data on an old PC, he simply shrugged his shoulders and walked away as if nothing had happened. However, most of us don’t have this luxury.
If you want to make sure your data is safe, stick to the 3-2-1, but expand on it. Modern thinking about best practices sometimes refers to the latest version of the rule: “3-2-1-1-0.”
The 3-2-1-1-0 rule adds two additional guarantees. You still keep three copies of your data on two different storage targets with one offsite copy, but you also add an additional offline or immutable copy (meaning ransomware can’t touch it). You’re also aiming for zero backup errors, meaning there’s never a set-it-and-forget-it requirement: you go back and test your backups frequently to make sure they’re in good shape. After all, it’s too easy to kill an SSD.
This seems pretty extreme, but it doesn’t have to be. It is on the obsolete aspect of the rule that I would relax. Choose all the completely separate storage devices you want and use them. You could, for example, set up a system where you have your main backup on one device, another frequently tested backup on another, a cloud backup (carefully protected), and an additional cold storage option that stays offline most of the time.
If you consciously follow the 3-2-1 rule, you’re already way ahead of most users, but don’t let that let your guard down. Consider expanding your backup routine to ensure your data stays safe for years to come.
