Ask HN: What do I do about LastPass and how do I switch?
After using LastPass for many years, I have more than a thousand passwords stored in it. It's too many to make it practical to manually change them all. Is there a way to get all of them into something else, like BitWarden, and then [semi]automatically change them all?
35 comments
[ 3.6 ms ] story [ 84.4 ms ] threadYou get a file and you import it wherever you want.
It couldn't be easier.
Last pass has blog posts on this, your password manager has blog posts on this, random people have made countless blog posts on this.
All of these are easily found with your search engine of choice.
Or perhaps this comment is sarcasm? So hard to tell these days.
And consider changing your passwords on your most important accounts (email, bank, ...)
Everyone’s recommending Bitwarden now, so I guess that?
Saw some posts on Reddit about poorly conducted security audits with Bitwarden so I was a bit concerned.
But the steps to this correctly are this:
If you don’t do the exact steps above, then when you do an export from LastPass, it most likely will export some of your passwords twice (so you will have duplicates). This is a known bug in LastPass that they have never fixed.You also need to do this (from the bitwarden site):
“Some users have reported a bug which changes special characters in your passwords (&, <, >, and so on) to their HTML-encoded values (for example, &) in the printed export. If you observe this bug in your exported data, use a text editor to find and replace all altered values before importing into bitwarden.”
The import into bitwarden procedure is located here:
https://bitwarden.com/help/import-from-lastpass/
It’s also entirely possible to run your own instance / server of Bitwarden.
It's because people really don't care about security. They don't see it as something that needs effort like managing personal finances or cleaning your car. They want "set it and forget it". Psychologically, it's because there isn't any immediate benefit, and the perceived expected value of the effort is low.
This problem is why I don't enjoy working in cyber security and probably won't go back to it.
Mechanically minded folks say "why ever trust an auto shop?" Tech folks say "why ever give your data/device to someone else?" Handy types say "why pay so much for mediocre work from a plumber/electrician/etc.?"
And if you want to use Age encryption - https://github.com/FiloSottile/passage
Or be a luddite and write it on paper.
Too many people who should know better on this site itself kept recommending things like Lastpass... Incredible.
I did this (moved from LastPass to 1Password) back when LastPass changed how they were doing their free vaults and with LastPass’s less than stellar track record on security. I will at least advocate for 1Password as their family vaults are amazing for sharing things securely with the wife and my parents.