After finding out that there might have been a security breach at LastPass, a company known for their online password management solution, I quickly changed my master password and started to think about possible consequences.
For some time now, I had been thinking about switching to an offline password management solution. Not necessarily because I think that online password managers are inherently less secure, but because it give me more control over my passwords.
I therefor made the decision to migrate all my LastPass account information to KeePass, a free password management software. But simply migrating the data was not enough. If someone did actually manage to steal data from LastPass servers, they might have all my login accounts by now. The chance is slim, especially if you take into account what LastPass has communicated so far, but since I earn my living on the web I wanted to be on the safe side here.
The decision was born to change all my account passwords after the migration. I knew that this would not be easy, with 500+ accounts listed in the LastPass database.
This guide explains how I imported my LastPass login database to KeePass, and how to change all your account passwords in record breaking time. Don't get me wrong, you will still spend hours and hours doing repetitive boring tasks.
The first task is to export the LastPass database. The information within act as a reference, so that you know how far you got with changing your account passwords. Open the LastPass website and click Sign In to LastPass to log into your account.
Once you are logged in select Export and enter your account's master password again.
LastPass outputs all of your account information in one large list. Select all with Ctrl-a, and then Ctrl-c to copy the information to the clipboard. Save them in a text file on the local system. The list contains all urls, usernames, passwords and other information that you have stored in LastPass's password manager.
Download the latest version of KeePass from the developer website. Please note that it is only available for Windows and many mobile devices. I have installed the password manager on an encrypted hard drive for extra protection.
Start KeePass after installation or extraction and select File > Import from the menubar. Select Generic CSV Importer from the options and load the text document with your account information. A click on OK imports the data into KeePass.
Please note that the url is added as the title of each individual password, which is not a big problem. The url field is left blank, which we will utilize soon.
Now that you have all your LastPass passwords in KeePass it is time to change all of them. Here are a few tips to get you started with that:
The biggest drawbacks that you will encounter are sites that limit the number of password characters. I encountered more than one site that only accepted six characters in total. That's crazy.
My routine looked like the following:
You may be able to speed things up further by installing a plugin like KeeFox which brings KeePass functionality to Firefox. Similar extensions are available for other web browsers. I'm currently managing about 50-60 accounts per hour with this system. You may be even faster if you use a browser plugin.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.