Move from Last Pass to KeePassX

Dmitri Popov

Productivity Sauce

Apr 06, 2011 GMT
Dmitri Popov

Since time immemorial, I've been using the LastPass service and browser extension for managing all my passwords. It worked well for me, but gradually I grew uncomfortable with the idea that all my passwords are managed by a third-party service. So I've finally decided to do what I should have done a long time ago: migrate to the KeePassX password manager. This rather handy utility stores all data in an encrypted database file, and the tool offers a handful of useful features to boot.

Moving all my data from LastPass to KeePassX manually was a daunting proposition. Fortunately, I stumbled upon a nifty lastpass2keepass Python script that can convert exported LastPass data to a KeePassX database. Needless to say, this one-trick pony is a huge time-saver, especially when you have hundreds of entries in your LastPass database.

Converting LastPass data to a KeePass database using the script couldn't be easier. Grab the latest version of the script and move it to your home directory. Export your data from LastPass to a file in your home directory. Open the terminal and run the following command (replace exportfile with the actual name of the exported file):

python lastpass2keepass.py exportfile keepass.xml

That's all there is to it. You can now open the converted keepass.xml file in KeePassX. The converted database might require some cleanup and tweaking, but that's not a biggie.

« previous post next post »

Comments

  • ikeepass

    I use lastpass however I choose ikeepass for my iphone, I use this script for export my passwords from lastpass to ikeepass. it works perfectly. You save me a lot of time. Thanks.

  • Storage..

    I don't have the guts to store my passwords or anywhere honestly. Fortunately I found an answer to my predicament around Christmas and that is passwordmaker. Just add a dot org and thats the site, its also GPL. Its really easy to use, even my gf use it on her iphone and I have it on my htc wildfire or the javascript version. Needless to say, don't use password straight up and down. I myself generate a password and amongst other things take the third letter in the url and put it just before the last character in the generated password. Check out the tips & tricks subforum and their wiki. All in all, I have four passwords to keep track of, yet I have unique on all accounts I have on the Internets. But Hey! As long the boat floats! happy

  • online?

    does it sync to some on-line database?

  • RE: Output File

    I've done that too, although I don't have a dummy "keepassx" file as there is no need\purpose for it.
    If you name the db file something like myhousepic.jpg there is nothing to indicate your even using keepass so putting a dummy file out there would be counter productive as it would indicate you are in fact using keepass.

  • On password sync

    I have been using KeePass(x) for a few years. There is a version of it for virtually every OS including mobile OS's.
    If you need to sync or have access to your passwords on multiple machines, you can store the db file on Dropbox and have it accessible on any pc\phone you want.

    Use 256 bit encryption, a strong password, AND a key file that is not stored on dropbox.

  • Output file

    I've been using keepassx for years. I would suggest though that you name the DB something innocuous and keep a fake "keepassx" file for additional secutiry.

  • I miss autofill...

    I use Lastpass and, while I'm not concerned about security, sometimes worry about my passwords being "out there." I admit I like the idea of keeping them locally, but then we're only talking about using LastPass as a "password vault."

    For me LastPass is more... it syncs my passwords between computers and auto fills them in Chrome and Firefox (on Linux). Also, in a pinch I can log in on my phone (I don't use the LastPass app, just the normal website) to check a password!

    I think I'll stay with LastPass for now... bah humbug!

  • Yes they Can (in principle)

    Well, as-is and as designed LastPass arranged it so that it does not have access to your passwords. Still, one does have to consider the fact that the next time you use their service, their code might change, ever so slightly, so that they do get your master password (or maybe get send a 'silent' one time use password).

    We all hope that would not occur but if you follow the TNO (trust-no-one) state of mind, you have to admit that by using LastPass you are giving LastPast you on-going trust to properly behave. If you were to store something with a life-or-death value, you'd think twice.

    I use both tools, and consider LastPass trusted enough for most uses. Still, my money transfer bank creds are stored in KeePass for the reasons I mentioned above.

  • You do know...

    You do know that lastpass doesn't actually have access to your passwords?
    http://www.grc.com/sn/sn-256.htm
comments powered by Disqus