Mitro should be accessible while being offline

[jarmo]

Currently, when a device (e.g. mobile phone, laptop) is offline, then accessing my secrets on Mitro is not possible. If that device has used Mitro in the past then there should be a local copy of the encrypted secrets to make it possible to see them while being offline - not all passwords are only needed while being online.

Why is even internet connection needed in the first place to log into my own Mitro?

[evanj]

Mitro was designed to allow teams of people to share passwords, and give organizations control over who has access to them. As a result, we defaulted to "always access over the internet" so that when access is revoked, it takes effect immediately. This also means Mitro always has the most recent information when you use it from multiple devices.

We had always intended to make private secrets cacheable, so this is a good suggestion.

[jarmo]

I understand these good intentions, but how do they work in real life? Let's say that i'm a team/organization owner and will revoke member-X from accessing passwords. To make it really happen i'd still need to change all the passwords as well because i can't be sure that member-X hasn't copied those credentials locally at some point. Or does Mitro somehow prevent this kind of problems? Can't imagine how.

However, coming back to the original issue - i have a WiFi password stored as a secret note and wanted to get that password to access Internet, but couldn't do it because i were offline. I was using LastPass before Mitro and that deficiency surprised me.

[evanj]

That is a good point. However, you would only need to change the password if the user with whom it was shared had ever actually accessed it. The intention was that the first time anyone accessed it, that fact would be recorded. If they had never accessed the secret and you revoked access, it would be done.

Still your point is totally valid: secrets should be cached, after the fact.

[horizonbrave]

Hi, just touching base about this "issue" because I found my self with the same needs: Mitro and a mitro ability to cache password for when offline. Has it be implemented yet? Should I have better luck with the android app?

Many thanks and best wishes for your project

[bitcoinuser]

I would like to see this implemented too. I never exported my passwords. So if Mitro server go offline I will lose access to all my passwords forever?

[8vw]

hi!

I don't know about the security of making mitro offline, but for now, export all your passwords and then encrypt the file/text is a good thing to do.

;) 2015-02-07 18:26 GMT-03:00 bitcoinuser notifications@github.com:

I would like to see this implemented too. I never exported my passwords. So if Mitro server go offline I will lose access to all my passwords forever?

— Reply to this email directly or view it on GitHub https://github.com/mitro-co/mitro/issues/68#issuecomment-73383921.

Murilo Monteiro

---

Antes de imprimir pense em sua responsabilidade e o compromisso com o meio ambiente.

[jarmo]

Stumbled at this issue again. PC lost network connectivity and i wanted to log into gateways administrative interface, but couldn't get the password for administrator from mitro due to missing network connection. Mitro showed me an unknown error.