The security breach against LastPass in August 2022 was so severe, hackers not only got access to customers’ personal information, like names and emails, and encrypted vaults—they were also able to associate customer identities and vaults with each other.
As a result, says 1Password, they (or the highest bidder) may have little difficulty discerning master passwords and decrypting vaults to access customer data.
If you used LastPass last August, it’s probably time to switch to a new password manager. (The only reason not to would be if you’ve changed all of your stored passwords to computer generated versions.)
Plus, 1Password makes it really easy to switch and will even pay you the remainder of your current subscription in exchange.
[Update: As of a subsequent update to 1Password 8, the Mac app includes the ability to directly migrate LastPass data to 1Password. This supersedes the first two frames below, significantly easing the process. Simply go to File > Import, enter your LastPass email address, and follow the succeeding steps.]
Export Entries from LastPass
To export the contents of your LastPass vault, sign into LastPass in a web browser and go to Advanced Options > Export. Reenter your master password if prompted and then check your email for a verification of your intent to export and do so.
Finally, visit Advanced Options > Export again, enter your master password a third time if prompted, and (hopefully) a CSV file containing your vault data will download.
(LastPass details this lengthy process for reference.)
[Update: At time of publication, I discovered that the LastPass export was unreliable and sometimes corrupt or incomplete. The workaround was to copy all entries presented in the browser window by the export tool and paste them into the 1Password import tool. Hopefully, with the direct migration now offered in 1Password, this too is unnecessary.]
Import to 1Password
If you have not already created a 1Password account, do so. If you can’t figure it out on your own, you can get some help with the process from 1Password or from me.
To import your LastPass download into 1Password, sign into the 1Password website and choose your desired destination vault. Then, click Import Data and choose LastPass as the source. Finally, drag the downloaded file into the frame below or click to choose the file on your computer, and then click Import in the top right.
After your import is complete make sure to delete the file you downloaded as it contains all your passwords, unencrypted.
Change Passwords
For all the passwords stored in your LastPass vault, have you changed them on their respective websites since August 2022? If not, your accounts are still vulnerable and this needs to be your next step.
1Password provides basic instructions for generating secure passwords and changing them on websites. However, since each website is designed a little differently from the next and you must change each account separately, you may want some additional guidance on how to proceed with this tedious process. Let me know.
Navigating websites and updating passwords is tedious and requires extreme patience. I recommend doing it in chunks.
Along the way, you may discover websites that no longer exist, others slow to send verification messages, and still others that force you to contact a customer support department to facilitate the process.
You may also find accounts you no longer want. However, before deleting them from your vault, make sure you cannot sign in. If you can, first delete your account on the associated website. Otherwise, if the site is hacked, your personal information may be stolen.
One way or another, I have confidence you can complete this important process on your own, but feel free to reach out for support and coaching as needed.
Reply or comment on this