Using 1Password on systems without internet access?

tzstzs Junior Member

This is just out of curiosity. I've been contemplating my options for going from my current stand-alone 1Password on Mac/Windows to 1Password 7, and trying to understand all the ramifications of staying stand-alone vs. going subscription, and thought of the following hypothetical.

At work we have a network that is mostly blocked from accessing the internet. (It's where we handle credit card processing. The only outgoing internet access allowed is access to payment gateways).

I'm just curious. Would it be possible to use 1Password in such an environment?

I'm currently on a stand-alone license, so I don't think that there are any fundamental operational issues. I'd just have to manually sync my vaults with their peers outside the isolated network. That's no problem.

However, how about entering the license key in the first place? Does stand-alone 1Password require internet access to verify the validity of the license key, or is the license key self-validating?

If it does need internet access to initially verify the license, I could probably arrange a one time hole in the firewall to let it through. Would that be sufficient, or does it need to periodically talk to something at AgileBits to verify the license is still valid?

How about if I were on the subscription service? No way could I convince them to white list 1password.com on the firewall, but since the subscription version does keep a local cache of the cloud vault...could I manually move the cache from a copy outside the firewall and somehow make 1Password inside the firewall think that copy was its cache?

My understanding is that on Mac, subscription 1Password can use local vaults, and with 1Password 7 that will be true on both Mac and PC. So using a local vault should address the vault access issue behind the firewall, but what about logging in? Would I have to open the firewall once to let 1Password see that my account is not frozen? Would it need to periodically verify that?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    At work we have a network that is mostly blocked from accessing the internet. (It's where we handle credit card processing. The only outgoing internet access allowed is access to payment gateways). I'm just curious. Would it be possible to use 1Password in such an environment?

    @tzs: It really depends. If you can sync the data when you're on another network, then yes, you'd have the data cached locally already when you're in that environment. Personally I think 1Password is considerably less useful without internet access, but it's an interesting use case. :)

    However, how about entering the license key in the first place? Does stand-alone 1Password require internet access to verify the validity of the license key, or is the license key self-validating?

    I'm honestly not sure at this point, as we haven't finalized licensing for the new version. It's probably best to assume that it will require an active internet connection at least temporarily...but again, some key features (especially Watchtower, Rich Icons, and sync) depend on network connectivity.

    If it does need internet access to initially verify the license, I could probably arrange a one time hole in the firewall to let it through. Would that be sufficient, or does it need to periodically talk to something at AgileBits to verify the license is still valid?

    While I can't say definitively at this stage, the chances of that being the case are slim. It's not something we've ever done in the past for licenses, and it would be one more thing that could cause issues for offline use.

    How about if I were on the subscription service? No way could I convince them to white list 1password.com on the firewall, but since the subscription version does keep a local cache of the cloud vault...could I manually move the cache from a copy outside the firewall and somehow make 1Password inside the firewall think that copy was its cache?

    That's not going to work. You'd need to the machine to be able to connect at some point to both send and receive data. If this is a desktop machine that will always be subject to these same restrictions, it's probably not going to work for you as is. But we'd be happy to discuss options with your company, as we have with many others, to see if there's a way we can work together to allow you and others to secure their data without compromising the company's security.

    My understanding is that on Mac, subscription 1Password can use local vaults, and with 1Password 7 that will be true on both Mac and PC. So using a local vault should address the vault access issue behind the firewall, but what about logging in? Would I have to open the firewall once to let 1Password see that my account is not frozen? Would it need to periodically verify that?

    If you're using a license and local vaults, there is no logging in. But with a 1Password.com membership, the vast majority of the benefits of the service involve being able to connect to the internet at some point, both to authorize devices and send and receive data so that you get changes reflected on all of them. It sounds a bit dicey as-is, but feel free to reach out to our business team at [email protected] and we'll see if we can work something out. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file