How to Safely Migrate from LastPass to KeePassXC


If you are concerned about storing your passwords “in the cloud”, KeePassXC is the best free option for storing passwords locally on your laptop, desktop, or mobile device. By keeping your passwords and sensitive account info in an offline database such as KeePassXC, you effectively eliminate the opportunity for hackers to exploit online password software that needs to sync the passwords stored locally on your computer with servers anywhere in the world.

Again, KeePassXC is a database of passwords stored locally only. This means your database is stored only on your own computer, not out “in the cloud” where you do not have any control over the server. With great power comes great responsibility, and only you are to blame if you lose your database and/or the key.

While Dropbox, iCloud, Google Drive, network shares, and USB drives can be used to share and sync the database file between the machines you use, make sure you close the file on one computer before opening it on another. It is best to use one secure machine for all your sensitive accounts, anyway.

So now that you’ve decided to take control of your password database, before you move all your passwords and account information from the proprietary LastPass into the open source KeePassXC, first back up your account information by exporting it.

Can I download all my passwords from LastPass?

Export your LastPass Vault data (including passwords, secure notes, form fills, Wi-Fi passwords, etc.) as a CSV or XML file, then print a copy to keep for your own records or backup.

If you have set up different Vault identities, you can export data for all or individual identities.

How to transfer data away from LastPass

How do I save an Export in LastPass?

To export your data from a LastPass Browser Extension:

  • Once you have the browser extension installed, click the toolbar button in your browser to open the LastPass menu.
  • Click on Account Options, then Advanced, then Export. You should then see an option labeled “LastPass CSV File.”
  • Enter your Master Password to validate the export attempt.
  • Click the “save as” link and your web browser will save the CSV file to your local drive.

How to prepare passwords exported from LastPass

KeePassXC supports importing and exporting data from and to various file formats. KeePassXC can import from over 30 other commonly used password managers.

BUT the CSV file might not be directly usable by KeePassXC just yet!

If any of your passwords have an “&” symbol in them, LastPass will encode that as &amp;amp;, but if you import the CSV into KeePassXC directly, it will see the string &amp;amp; in the passwords as exactly that, the literal characters &amp;amp;.

This means that some logins or passwords will fail because the passwords will not match exactly.

The simple fix is to do a find/replace in your spreadsheet or text editor to find &amp;amp; and replace it with &. Then your CSV file will be ready to import into KeePassXC.

Note: this is unlikely, but if any of your usernames or passwords contain the exact string &amp;amp;, check manually to make sure they are correct.
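
The find/replace described above can also be done column by column, so that you get a list of the entries that were touched and know which ones to check by hand. This is an added example, not part of the original article or of LastPass/KeePassXC; the column names (username, password, name) and the sample rows are assumptions, so compare them with the header line of your own export.

```python
import csv, io, os, sys

ENTITY = "&amp;"                     # what the export contains where you typed "&"
FIELDS = ("username", "password")    # assumed LastPass CSV column names

# Constructed sample export (not real data); the header layout is an assumption.
SAMPLE = (
    "url,username,password,extra,name,grouping,fav\n"
    "https://example.com,alice,R&amp;D-2024!,,Example,Work,0\n"
    "https://example.org,bob,plain-pass,,Other,Home,0\n"
    "https://example.net,carol,a&amp;amp;b,,Edge,Home,0\n"
)

def fix_lastpass_csv(text, fields=FIELDS):
    """Decode ENTITY once in the chosen columns; return (csv_text, report).
    report rows: (record_no, entry_name, column, needs_manual_check), no secrets."""
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows:
        return text, []
    header = rows[0]
    cols = [i for i, h in enumerate(header) if h in fields]
    name_col = header.index("name") if "name" in header else None
    report = []
    for rec, row in enumerate(rows[1:], start=2):   # record 1 is the header
        for i in cols:
            if i < len(row) and ENTITY in row[i]:
                row[i] = row[i].replace(ENTITY, "&")
                name = row[name_col] if name_col is not None and name_col < len(row) else ""
                # Still contains the entity after one pass: the original may
                # really contain "&amp;", so it is flagged for a manual check.
                report.append((rec, name, header[i], ENTITY in row[i]))
    out = io.StringIO(newline="")
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue(), report

if __name__ == "__main__":
    if len(sys.argv) == 3:                          # usage: fix.py export.csv fixed.csv
        with open(sys.argv[1], newline="", encoding="utf-8") as f:
            fixed, report = fix_lastpass_csv(f.read())
        # The output holds plaintext passwords: create it owner-readable only.
        fd = os.open(sys.argv[2], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", newline="", encoding="utf-8") as f:
            f.write(fixed)
    else:                                           # no arguments: run on SAMPLE
        fixed, report = fix_lastpass_csv(SAMPLE)
    for rec, name, col, check in report:
        print(f"record {rec} ({name}): {col} decoded" + ("  <- check manually" if check else ""))
```

The report prints only the record number, entry name and column, never the password itself, so it is safe to leave on screen while you verify the flagged entries.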

Why Choose KeePassXC as a Password Manager?

KeePass is for Windows only, KeePassX is no longer actively maintained, and so I recommend the cross-platform, community-forked KeePassXC.

KeePassXC is a free open source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords (or other sensitive information, really) in one database, which is locked with a master key. Do not forget this master key!

Selecting a master password (passphrase) for your password manager

DO

  • Select a long phrase that you will remember, but is not that easy to guess. A nonsensical grouping of words might work well, with special characters interspersed throughout.
  • Include at least one of each: upper case letters, lower case letters, numbers and special characters.
  • Select a passphrase that is easy to type, especially if you will be using keepass2android on a cellphone keyboard since you will be typing this passphrase in many times throughout the day/week.
  • Configure two-factor authentication with your password manager for additional security. I recommend a YubiKey or similar authentication device, and NOT your phone number.

DON’T

  • Use any other password as the master password for your password vault.
  • Use well-known song lyrics or your name.
  • Forget your master password. You will have to reset the passwords in all the places where you used the password manager to store important data. It is very important to remember your “master” password!

How do I Import passwords into KeePassXC?

First, back up your LastPass CSV file in case you need to refer to something in there again later. Encrypt it and save it somewhere on a USB stick or external drive.

To import the LastPass CSV file:

  • Click Database > Import > CSV file…
  • In KeePassXC, select that the first row of the CSV is the headers, and then indicate which column matches up with the data points for: usernames, passwords, group names, labels, etc.

Is KeePassXC more secure than LastPass?

KeePassXC is a free open source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords in one database, which is locked with a master key. Although both LastPass and KeePassXC have had vulnerabilities, fixes have been made and both managers are highly secure.

KeePassXC stores your passwords locally on your own computer or server, which I consider a more secure storage method than trusting someone else’s servers.

KeePassXC is open source, and the source code is available for your review. Plugins may or may not be open source, and care should be used when using any third-party plugins.

Browser integration for KeePassXC is only available using plugins. There is keepass2android for cell phones and keepass2android offline if you prefer zero calls to the internet.

Can you move KeePassXC from one computer to another?

The KeePassXC database (*.kdbx) consists of only one file, so it can be transferred or shared easily from one computer to another.

The database is just a file. You don’t need to export anything, just copy the file.

Use Syncthing, FreeFileSync, or something proprietary like Dropbox to automatically sync that single file to your different devices.

You could also store your .kdbx file on a self-hosted Nextcloud, ownCloud or Cozy Cloud instance, and the keyfile on an encrypted USB drive. Require a secure password and your keyfile to open it.
