LastPass has over 10 million users, but following the recent hacks in which encrypted password vaults were stolen, we expect that many of them will be thinking of moving to another password manager.
Regardless of how many passwords, forms, secure notes and other stuff you have in LastPass, the process of exporting it and moving it to another password manager is the same.
It isn’t difficult either, so while the thought of changing password manage might seem like a huge hassle, it really isn’t.
Not only is LastPass’s reputation damaged by the recent breaches, including the revelation that hackers managed to steal user data, some encrypted and some not, it also hobbled its free tier back in 2021.
Prior to that, it was the obvious choice for anyone looking for a free password manager.
Now, whether you want a good free alternative, or you’re happy to pay for a password manager, is the time to move your logins and we’ll explain exactly how to do it.
And we’ll also show you how to import those passwords into Bitwarden. We think it’s a good choice because it’s open source, so anyone can inspect its code, and this makes it trustworthy. It has a free tier which is a lot like LastPass used to offer, allowing you to use unlimited devices and access your passwords and other data from any of your devices.
But you can also pay for it if you want the full set of features. The Premium tier costs only $10 (around £7) per year and gives you more space for encrypted file storage, and extra two-factor authentication for devices such as Yubikey.
Here, we’re using a web browser – on Windows – because this is the easiest way.
1. Export your LastPass logins
The first thing to do is export your logins from LastPass. To do this, you’ll need to go to your password vault.
Either click on the shortcut in your web browser (as shown below in Chrome), then on ‘Open My Vault’ or go to lastpass.com and log in. Both will take to to the same place.
At the bottom left, click Advanced options, then Export. You’ll be asked to enter your LastPass Master Password at this point, after which the logins should be saved in your downloads folder with the filename lastpass_export.csv.
*** WARNING *** This is a plain-text copy of your logins with all passwords on show, plus your bank and credit cards and identities, so be sure to securely delete it after importing to Bitwarden (or whichever password manager you choose). This is a valuable file that you don’t want to fall into the wrong hands.
2. Tidy up your logins
If possible, open the file in Excel or another spreadsheet app. This is a good way to look at your logins and edit them, rather than trying to use Notepad or a word processor, where each field is separated by commas (that’s what csv stands for: comma-separated values).
You’ll want to go through the list and do a bit of a clean up if you’re anything like us and aren’t very good at removing duplicate logins, or deleting those which are for accounts that are long gone, or for services we no longer use.
You’ll probably find a few entries where the password is shown as â€¢â€¢â€¢â€¢â€¢â€¢â€¢â€¢ or *********. This is an unfortunate LastPass bug which causes some passwords to be corrupted, and you’ll either have to remember the password for that login, or reset the password by going to the site’s login page and clicking ‘Forgot password’ or similar.
For each login you should see the URL of the website, the email address (or username) and the password, plus any notes and the category you filed it under in LastPass.
Don’t forget to save the file to update it with any changes you make
3. Create a Bitwarden account
Go to bitwarden.com and click Download from the menu across the top. Then click Create A Free Account.
Enter the email address you want to use with the account, then the master password. This is the single password you need to remember, so make sure you can remember it, and that it’s at least ‘Strong’. When you type the password, an indicator will show you whether it’s weak or strong.
Tick the box to confirm you agree with the Ts & Cs, then click the Submit button.
You can immediately log into your account using the email address and password you just entered, and it’s worth verifying the email address straight away. So click the Send email button, go to your email and click the blue Verify Email Address Now button.
4. Import to Bitwarden
Now you can import your tidied-up csv file containing all your LastPass logins into Bitwarden.
On Bitwarden’s website, click Tools at the top, then Import data.
Use the drop-down menu to select LastPass, then click the Choose file button and navigate to your saved lastpass_export.csv file.
Now click the blue Import data button and after a short wait, you should see all your logins appear in a list.
5. Export form fills from LastPass
Just when you thought the job was finished, there’s more to do. If you used LastPass to save any form data (such as name, address and other details which can be automatically entered into online forms) you’ll need to export those separately.
Once again, open the LastPass web browser extension and click Account options > Advanced > Export > Form Fills.
Enter your Master Password again, and the form fill data will be saved as lastpass_formfill_export.csv.
You can check over this file in a similar way to the logins, then import it to Bitwarden by heading back to the Bitwarden website and clicking on Tools, Import data, selecting LastPass and then navigating to the saved file: exactly the same process for importing the logins.
6. Install the Bitwarden browser extensions and apps
The next task is to install the apps and extensions so that Bitwarden can enter those login details for websites and apps.
You can get the extensions for:
Google ChromeFirefoxOperaMicrosoft EdgeSafariVivaldiBraveTor Browser
Apps are available for Windows, Android, macOS, iOS and Linux, which you’ll find in the relevant app stores, or on Bitwarden’s website.
Here’s a handy video which shows you how to use the browser extension.
7. Delete your LastPass account
You’ll want to disable or remove the LastPass extensions from the web browsers you use, and uninstall the app from your phone. It’s a good idea to also delete your LastPass account so your logins are completely removed from the cloud.
To do this, login to your account on LastPass’s website and then go to the delete account page. There are two options here: reset your account and delete your account. The first does delete your vault containing all logins, but keeps your account. Unless you plan to use it in future, we recommend using the delete option.
Jim Martin / Foundry
You’ll be asked if you remember your master password or not, as it changes the process if you don’t know it (you can still delete it you’ve forgotten it).
Assuming you know it, click “yes” and then enter your password. Optionally choose a reason and enter a comment.
Click Delete, then click Yes on the two prompts asking if you’re really sure, as there’s no going back.
Once it’s done, you’ll get a message to say “Your LastPass account has been permanently deleted and all of your data has been purged from our systems.”.
You’ll see instructions for removing browser extensions, too.
8. Change any critical passwords
The final task is the most tedious. Since hackers managed to steal encrypted LastPass vaults, you should change the passwords of any important accounts. These will include online banks, savings accounts, pensions and any others which would cause you serious problems if someone else managed to gain access.
If you used a strong, 12-character password which adhered to LastPass’s current guidelines then your data shouldn’t be at huge risk since cracking the encrypted vault would – according to LastPass take “millions of years”. However, with quantum computing threatening to crack encryption much faster, it’s just good practice to update those passwords.
Unfortunately there’s no automatic way to do this. Even paid-for password managers which claim to this often only work for a few websites.
The process for changing a password differs for each website, but in general, look under your account settings or user profile and you should see a “change password” option.