Jump to content
Sign in to follow this  
support

Offline Access

Recommended Posts

A customer has requested an offline version of Passwords a that you have access to, in the event you are out at a site with no internet access.  The idea being your export some data to a local file on your phone, or tablet etc before you go to site, and you'll be able to search through this file for passwords with out having connectivity to your Passwordstate web site.

 

We haven't thought ourselves about a secure way we can do this yet, but if we get enough interest in this we'll look into it sooner rather than later.

 

If this is something that you think you'll benefit from, please give it a thumbs up here, or any comments you like to help us understand how our community could use a feature like this?

 

Regards,

Support

Share this post


Link to post
Share on other sites

+1

5 hours ago, support said:

We haven't thought ourselves about a secure way we can do this yet, but if we get enough interest in this we'll look into it sooner rather than later.

 

I'd suggest it to utilize the existing check-out/check-in system so the passwords aren't modified by another user while being 'offline' (however, they do remain viewable).

Share this post


Link to post
Share on other sites

Hi Sarge,

 

We believe the customer's request was to export all passwords they have access to, in some sort of offline manner - so we don't think checking out all passwords would necessarily work in this instance. Not sure if there is any ideal solution for this.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites
17 hours ago, support said:

We believe the customer's request was to export all passwords they have access to, in some sort of offline manner - so we don't think checking out all passwords would necessarily work in this instance. Not sure if there is any ideal solution for this.

 

In that case there is already an export passwords feature that could be used, additionally exporting all passwords they have access to could be hundreds (thousands in our case), which is a huge security risk.

 

I can see the use case for this - if it were a per-password list implementation (With an adjustable limit as to how many lists/passwords could be "offline").

Share this post


Link to post
Share on other sites
3 hours ago, Sarge said:

which is a huge security risk

We agree, which is why we have not implemented this yet, but we keep getting requests for it :)

So we would need to provide this as an option, so customers can enable/disable as required. Currently we do not have the ability to export all passwords the user has access to, and we think they would prefer a nicer option than a password protected zip file - not really that usable on mobile phones.

Regards

Click Studios

Share this post


Link to post
Share on other sites
On 4/24/2019 at 2:09 PM, support said:

So we would need to provide this as an option, so customers can enable/disable as required.

Definitely, but I still think it should be per-password list instead rather than just an export of all passwords the user can access. Mitigates the security risk slightly - the user would have to export all lists they had access to themselves - either via API or manually.


I'd also like to see the password list that is exported marked as "offline" in some manner that can prevent other users from updating passwords until the list is marked as "online" again (by and security admin or the original user). 

Share this post


Link to post
Share on other sites
On 5/25/2019 at 4:50 PM, ITTC said:

If you offline why do you need offline access to passwords? User will not be able to use this data, if he offline!

 

 

On 4/23/2019 at 11:12 AM, support said:

in the event you are out at a site with no internet access

 

Share this post


Link to post
Share on other sites

Not all passwords stored are for web or online services.

 

As an IT Administrator, the "keys to the kingdom" need to be stored in a secure location.   Any type of contingency or failover plan can often require the original, root, or administrative accounts.   I've tried to design around this, but sometimes it's needed.

 

My thoughts

  • definitely make use of an audit log.   
  • I personally like a "check out" feature, or "hold offline" password marker so that I can designate which ones I need (or not).
  • Another solution I used encrypted the cache, but also required the device/app to check in every so often else items would be destroyed/inaccessible.

An "export all" feature is different to me than offline access.  It might just be more of a report for terminated users and "what passwords do we need to change".   Customers love using a common account and sharing passwords - until they can't anymore.

 

Share this post


Link to post
Share on other sites

I think in offline version would be nice -- in our current setup Passwordstate is only accessible when onsite or connected to VPN.  However, I do agree that there needs to be someway for administrators to limit what can be made available in an offline state --- perhaps only certain types of lists or a flag on the list itself that can only be controlled by a Security Administrator.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...