It really doesnt matter much imo. The obvious best choice here would be three copies on three media in three locations. You can also argue for more. It depends on your threat model. If you have an offsite backup that is reachable from the host machine, a ransomware attack can still devastate you. I have therefore made deaddrops for backups so no machine or user has access to all of them.
My general rule with backups is the standard you pretty much hear everywhere: 3-2-1
3 copies of every file you value 2 different media 1 off site
For example, you can have two copies on one drive and a third in the cloud. That way you prevent accidental deletion, bit rot and house fire.
I dunno about 2 copies on one drive - they’re both at risk of the same drive failing, etc.
It really doesnt matter much imo. The obvious best choice here would be three copies on three media in three locations. You can also argue for more. It depends on your threat model. If you have an offsite backup that is reachable from the host machine, a ransomware attack can still devastate you. I have therefore made deaddrops for backups so no machine or user has access to all of them.