Please keep in mind that 1Password no longer provides a free service option before transferring from LastPass to 1Password or continuing to read this article. Individual plans start at $2.99 per month on an annual plan, that’s $35.88 annually. I am not a paid shill for 1Password, nor does this article currently contain any promoted affiliate links that would provide us any income. We will notify if we add a promotional link in the future, because we stand by 1Password’s business practices and safe keeping of consumer data. It should also be known that LastPass does not offer support to free accounts beyond the self-help portal and community forum. If anything serious was to happen, you would need to upgrade to paid plan for direct support.
When it comes to your most sensitive data, is a free service the best option? The saying goes “If the service or product is free, you are the product” and LastPass was unfortunately not the exception.
If you already have decided on making the switch, you can jump to the bottom of this article for the tutorial portion that provides a step-by-step guide to export your LastPass account, and import it into 1Password.
As of December 22nd, 2022 – LastPass released an alarming update regarding additional security breaches to customer data that started back in August. LastPass advised that an employee was targeted and that hackers successfully stole customer data, both encrypted and not encrypted. LastPass encrypted vaults and passwords were copied from cloud servers, as well as all unencrypted private data from customer names, profiles, emails, telephone numbers and even IP addresses used to access the service. LastPass is still investigating the incidents, and that tells us that more damage can still be uncovered. They claim that at this time, only 3% of their business customers have been contacted to take necessary precautionary actions
Without sounding the alarm, the best course of action may be to currently move away from LastPass in addition to changing all your passwords, including your Master password. You may wonder if this is all necessary since LastPass is claiming that your passwords are safe, and that only weak Master passwords should be update, but to avoid taking any chances, this is the only course of action to hedge your risk as much as possible.
Although we are not seeing reports of LastPass users claiming of brute force attempts or login alerts on their accounts, one user tweeted that old crypto wallet seeds stored in his LastPass vault were breached on December 18th. Please note that this tweet alone does not prove any causation link to the LastPass breach, but taking note that the investigation is ongoing and without reading into what we do know, the link is plausible. We highly advise that if you stored wallet seeds, on your vault, that you immediately move your assets to a new wallet. Any and all sensitive data stored on the vault should be considered at risk.
If you are a LastPass user still on the fence about moving to an alternative password manager, you may not be aware of the company’s previous security breaches where customer data was compromised. Over the last 10 years, multiple security incidents have occurred, including browser extension exploits that compromised passwords and customer data. But security breaches happen right? Sure, they do and the way a company handles customer information from that point on should be taken note of. Tracking your customers with third-party apps was a business choice, and this is where we drew the line. In 2021, third-party tracking was discovered to be embedded in LastPass’s Android app. These third party trackers lead to further data leaks and users being targeted, even having their Master passwords stolen in phishing attacks, according to Bleeping Computer. This is why we suggest to cut ties with LastPass, and update all your passwords to avoid further security risks.
1Password, a known competitor and favorite in the space, is a company with a massive valuation of 6.8 billion dollars, with many well-known investors backing the dedicate team whom have never tracked users for any reason, and unlike LastPass, they do not have a long history of security issues. Fortunately, 1Password is capable of importing most of your LastPass information. We suggest you import your data prior to updating your passwords if you have any concerns with possible ongoing breaches to LastPass server data.
How to Export Your LastPass Account and Import Into 1Password:
Step-By-Step Exporting of LastPass:
- Login to your LastPass account on the official website ‘Lastpass.com’ using a computer.
- Once logged in, click on ‘Advanced Options’ found near the bottom of the left-hand sidebar menu.
- Next, click on ‘Export’ under the Advanced Options menu section titled Manage Your Vault. You will get a confirmation pop-up that an email was sent.
- Open the LastPass email requesting you to confirm the Export, and click on ‘Continue export’.
- Once verified, you will be instructed to return to your Vault to continue to the process, once more – select ‘Advanced Options’ on the left-hand side menu, and click on ‘Export’ – you will be asked to enter your account login a final time for security, and a .csv file will be downloaded once your export has completed. If no file gets downloaded, repeat the process and make sure that any ad blocker is disabled on lastpass.com.
Step-By-Step Importing LastPass to 1Password:
- If you have not yet signed up to 1Password, go ahead and create an account first, and make sure to get your Emergency Kit PDF, a secret key to recover your account if you lose your password or get locked out.
- Still on your computer, login to your 1Password account directly on their official website 1Password.com.
- Open the top right drop-down menu by clicking on your name, and click on ‘Import’.
- Select LastPass from the source of data options on the following page, and simply drag the CSV file in, or select it from your computer file explorer.
- Finally, click on the blue ‘Import’ button at the top right of the screen, and you should get a screen confirming the successful import, and reminder to permanently delete your LastPass backup .CSV file. Make sure the number of imported items matches your existing LastPass password count.
The 1Password application is similar, but it does not support automatically saved form filling data, and some information will be tagged differently when converted. For example, secure notes may be tagged and identified better. Stored SSH keys, contracts, policies and instant messenger logs convert into secure notes, while folders are converted into tags.
Remember to update your most important passwords and you should be set. Make sure to test everything, and once you are certain everything was successfully exported, you can go ahead and permanently delete your LastPass account on the following page.
Wait, LastPass Export is Not Working
It’s pretty common for PC users to face issues when attempting to export their LastPass account. To make things worse, as mentioned at the start of this article, if you’re e a free user, LastPass will not provide support beyond the community and self-help pages. Here is a helpful trick to follow if LastPass is not exporting your CSV file, or if the file it saves ends up being empty.
Once you complete your export, if it was successful, LastPass will open a .php webpage that will your decoded vault items. Copy all of the text on the webpage from top to bottom, paste it in notepade, and save the notepad document as a .CSV file.
Hope this article helps some of you keep your login details safely stored and managed.