Just a reminder: if you are deciding to migrate from LastPass to something else, the password export malfunctions for unknown reasons. If you have memos, it could be a character in the memo.
You must make sure the exported CSV file has everything!
This really hurt me last year, when I migrated away. I didn't realize at the time how much didn't come with, so I've been playing the reset / recovery game since.
I feel your pain. I switched to KeePassXC, and will never use an online password manager again.
For a password management company, they can't even be bothered to fuzz their export functionality. QuickCheck works unreasonably well on `import(export(a)) == a`.
But maybe it's intended to be buggy, in order to keep you in their walled garden. Clearly the sync between devices works, so they have solved this problem.
> Clearly the sync between devices works, so they have solved this problem.
Presumably they don't use CSV to sync, they're using a saner json/etc. data structure that they're not letting us export ourselves. Seriously, being limited to CSV in this day and age...
This is years ago now, but every ampersand in my passwords came across wrong. I can't recall if it was missing or url encoded, but even passwords weren't safe.
I want to as well, but annoyingly there are many sites that insist on a "special" character because their strength measure says "low" for the 20 character alphanumeric string I generated %-}
My favorite is when they actually limit what special characters you can use. Must include 1 of x special characters. Why? I always just assume they baked their own password storage and couldn't figure out how to handle the whole set of special characters
Multiple times I've found that this is caused by a web application firewall that is intended to mitigate SQL injection attacks. So they disallow the characters that would commonly be used in those attacks.
On those sites, I generally insert the same fixed uppercase-and-symbol string on my zbase32ed-entropy passwords. Zbase32 tends to produce numbers already, and that combo tends to satisfy the silly sites.
Well, this completely explains where one of my Truecrypt volume passwords disappeared to after migrating away from LastPass years ago. Too bad the account has long since been deleted.
Also if you try to export multiple times it will start spitting out exports full of duplicates. Only safe way is to export right after a fresh session login.
I moved to BitWarden a year ago after a billing problem with LastPass that their support handled badly. I haven't had any problems with the migrated data and I finally deleted my LastPass account last month.
As today I attempt to perform the migration, their export to CSV outputs a CSV with 2 lines of my 700+ passwords.
The HTML in the page shows a lot of items, but if I save directly from there, it's poorly formatted, it won't import anywhere.
* custom "items", so instead of "Password", I also have my own
* attachments, which I know 100% are not exported. There is a CLI app to help with that, but still horrible
* I have large notes with weird characters, which makes me concerned if they will be exported properly
* Last time I checked, the CSV seemed very broken (not respecting the standard), I'd be surprised if it imports properly
That's the reason why I haven't moved.
I'd move to bitwarden, but the lack of tags is too much for me. I use tags everywhere, I don't want to deal with directories anymore, so 1Password it is.
I moved to 1password a few years ago and haven't regretted it for a second. I still have Lastpass installed, but it's probably getting to the point I can delete it.
Last I checked, they still didn't have a useful Content-Security-Policy header on their Web Vault (which would prevent XSS), and also didn't have a way to separate "being logged into the extension" from "being logged into the Web Vault".
It’s the worst desktop software I’ve used in several years. The UX makes no sense, it’s full of bugs, it performs badly, they’ve had multiple breaches. I can’t think of a single thing it does that’s even approaching average, let alone good.
I just exported my own vault with the latest version, it was ok for me. I have plenty of passwords with all kinds of special characters. Still, be sure to review the CSV file. If anything looks weird, double check that the password is the same in your LastPass vault. As with all backups/exports, you should always do a sanity check of the data.
One issue I ran into: the CSV file that "downloaded" in the browser didn't have all of my passwords, only about ~20 of ~400. I had to copy and paste the CSV text in the browser to a new CSV file with a text editor. But upon reviewing that, the format of the passwords was fine.
I had a problem not with the password data but with the content of some notes (or whatever it is called in LastPass)
I have been a paying customer of Lastpass for about 15 years. I moved to Bitwarden for all sorts of reasons. I work in technical information security so it was also for that teason (but not only)
Maybe I lucked out? I migrated to Bitwarden early this year and so far all of my passwords have worked. I also made sure to compare the site entries in both. One thing that can't transfer were attachments in LastPass secure notes. So I had to download each one individually and upload them to Bitwarden.
Yeah, in any migration—if you can—it's good practice to run both simultaneously for a while until you're convinced you've checked everything and you're ready to drop the old for the new without much downtime.
1Password. The largest feature disparity is 1password is designed and built by competent engineers. The history of breaches and technical mistakes Lastpass has made over the years is amazing for a tech company let alone a password manager.
How is the user experience though? "Designed and built by competent engineers" is reassuring in the face of security breaches, but often means it's less convenient to interact with on a day-to-day basis.
1Password has the best UI/UX of any that I've used. It's clean, pretty, and solid in my experience. Honestly it's a joy to use which I prioritize in the software I choose to use daily.
Used BitWarden for years, happy with it. Recently switched to Nord Pass, also happy with it. Not sure about feature disparity though, just mentioning some ideas in case you're researching alternatives.
My wife and I switched from Lastpass to Bitwarden early this year. Glad we did, considering all the news! Password sharing is different, since you have to make a group/organization and share the password in there. But once that was figured out, it's been a better experience with less bugs. It doesn't look slick, but it's more functional.
You must make sure the exported CSV file has everything!