Hacker News new | past | comments | ask | show | jobs | submit login

>> Key points: - Refresh the website list from the extension before starting

I didn't understand any of your explanation of how to migrate from Lastpass to 1Password.




To perform a LastPass migration, there are 4 phases involved:

  1. Export passwords
  2. Export attachments
  3. Export password history
  4. Export form fills (THIS IS NOT POSSIBLE FROM MY UNDERSTANDING, form fills also appear to not be encrypted?!)
# 1. Export passwords

In the extension, go to Account Options -> Advanced -> Clear Local Cache, this WILL LOG YOU OUT. Then, log-in and Account Options -> Advanced -> Refresh Sites, this will update your local cache. Finally, begin the export process and follow the instructions, make sure to USE THE EXTENSION (not the website): Account Options -> Advanced -> Export -> LastPass CSV file. When saving the CSV, do not copy-paste the content of the HTML manually, instead use the popup to download the file that LastPass provides. You might need to allow popups for LastPass extension the first time you perform the export, then perform another one to get the popup.

# 2. Export attachments

Use lastpass-cli to export attachments. A script is provided in version 1.3.4: https://github.com/lastpass/lastpass-cli/blob/v1.3.4/contrib... Keep in mind that the script works also on version 1.3.3, which is the one provided pre-compiled by Ubuntu, you just have to copy-paste the script to your local machine.

# 3. Export password history

This is not possible natively, you can use my modified PR, but it's not trivial, bash knowledge, familiarity with C syntax is expected: https://github.com/lastpass/lastpass-cli/issues/245#issuecom... Keep in mind that YOU SHOULD AUDIT THE SOURCE CODE, I modified an existing PR and it's hacked together, I brought it only to where I needed it to, to get the password history out for my specific use-case.

# 4. Export form fills

Unsupported from my understanding

# Conclusion

Tag the items or mark them in your new password manager with something to remind you that they were breached on lastpass in august 2022 and remove such mark when you change their password.


Awesome work on the password history export, thanks a lot!

I audited the code to the best of my ability and it doesn't look like it's malicious, but I certainly could've missed something, so to anyone who's thinking about using this, it works, but do your due diligence.


I ran into this before, actually. As of about a year ago, Lastpass partially used cached data to generate some portion of exported data, but that cache is not diligently kept up to date.


> but that cache is not diligently kept up to date

Is the ability to take a payment the only thing LastPass got right?


No, not true. I'm using 1Password and while I like it, there are a few things LastPass got right where it even beats 1Password.

The one on top of my mind is that you can unlock LastPass with a PIN. My wife has a phone with a glass cover (to protect it from the children), which "broke" fingerprint unlock.

She's required to type the full password every time to unlock it, which is particularly hard on phone (long password).

On top of that, lastpass app (phone) had the option to "force" autofill from a notification. For some apps where the popup never really shows up with 1Password, I was able to force it using LastPass and then fill. With 1Password the only option is to go to the app and copy-paste.

Those are not game-breaking though, given the many, many bugs that LastPass (app on phone) had, the most annoying was: open the autofill and when searching, just no result shows up. This made the autofill useless a good chunk of the time.

On top of that, LastPass EXTENSION (chrome) has the option of choosing between sharing states between browser profiles or not sharing states between browser profiles. This is very useful in my case, because my wife has a chrome profile under my OS user, but we can still have 2 different lastpass "logins". From this perspective, 1Password is actually entirely broken: if you login into the native application (which is basically required for decent functionality), you are not allowed to login into 2 different 1password profiles through the chrome extension unless they are on different URLs (e.g. mycompany.1password.com vs 1password.ca).

Finally, LastPass was consistent: web, extension and app had the same capabilities.

1Password is highly inconsistent, where the native app has more capabilities than all of them, the extension has no edit capabilities but has better read capabilities than the web version and the web version has a mix of edit and read capabilities. For example, the native app can "batch add tag", but the web cannot do that.


Fair enough. And I used it myself for many years.

TBH it was more of a throw-away sarcastic outburst, an exclamation, an out-breath, than a genuine question. And also based mainly on the security side of things. I didn't make that clear, however, so I apologise for leading you into expending so much effort on your excellent reply.


All good, appreciate the apology, I'm bad at reading sarcasm, sorry!

And I'm very angry at LastPass too.

To be fair, the thing I'm the most angry about at LastPass is how the product felt completely stale. I remember signing up 6 years ago and there has been no change at all across the board. Bugs, issues, improvements, NOTHING.

They could have avoided all this, they just didn't.


Sorry I didn't realize the formatting was way off, I'll write a better message in a minute




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: