LastPass has a history of data breaches, the most recent occurring in 2023. Initially downplayed, the incident later revealed the theft of customer data, including vault data—some unencrypted. If this has you considering leaving the service, you’re not alone. This guide will walk you through exporting your LastPass data and securing your online accounts.
Exporting Your LastPass Data: A Step-by-Step Guide
Exporting your LastPass vault is relatively simple. The key challenge lies in securing the exported file, which comes in CSV or XML format, neither of which is encrypted. Downloading your passwords as plain text leaves them vulnerable, even after deletion, especially on unencrypted drives.
For basic security, download the file to a fully encrypted drive and delete it immediately after importing it to your new password manager. Avoid leaving it in the Recycle Bin, as it remains accessible and unencrypted.
For enhanced security, create an encrypted folder using VeraCrypt. This functions like a safe, keeping your data secure until the container is unlocked. Delete the locked container after you’re finished.
Once your security measures are in place, follow these steps to export your data, either via the web interface or the browser extension:
Exporting via the Browser Extension
- Access Account Settings: Open the LastPass browser extension and click the account icon.
- Navigate to “Fix a problem”: Select Fix a problem yourself.
- Export Vault Items: Click Export vault items. The download will begin automatically.
You can now import this file into your new password manager. The process is usually straightforward, but consult your new service’s help pages for specific instructions.
Exporting via the Web Interface
- Access Advanced Options: In the left navigation bar, click the Advanced Options icon (second from the bottom).
- Select Export: Under Manage Your Vault, choose Export. A green banner will appear, instructing you to check your email.
- Verify the Export Request: Open the email from LastPass and click the Continue export link. A new browser tab will confirm that the export is ready.
- Enter Login Information: Return to Advanced Options > Export and enter your username and password to initiate the download.
You can now import this file into your new password manager. Consult the service’s help pages if you encounter any difficulties.
Crucial Next Steps: Changing Your Passwords
Switching password managers is usually a simple export and import process. However, the LastPass breach necessitates extra steps. Since hackers potentially have your vault data, changing all your passwords is crucial.
While a strong, random master password makes brute-forcing difficult, changing all passwords is the best course of action. Updating your LastPass master password now won’t protect you, as the compromised data is tied to the master password you used at the time of the breach.
Given the sheer number of passwords we use, this task can be daunting. We recommend a phased approach:
- Migrate to Your New Password Manager: Import your exported data.
- Prioritize Critical Accounts: Immediately change passwords for banks, financial institutions, government services, and other high-risk accounts.
- Address Remaining Passwords: Focus on accounts with sensitive information (addresses, birth dates, credit card numbers). Consider removing this information from websites and storing it securely within your new password manager.
Perform these steps after leaving LastPass to minimize potential vulnerabilities.
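The phased approach above can be turned into a checklist straight from the export. The following Python sketch is an added example, not part of the original guide or any LastPass tooling: it sorts entries into the three phases and flags reused passwords without ever writing a password out. The column names (url, username, password, totp, extra, name, grouping, fav) are an assumption about the CSV layout, and the keyword tiers and sample rows are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample; the header row is the assumed LastPass CSV column layout.
SAMPLE_EXPORT = """url,username,password,totp,extra,name,grouping,fav
https://online.examplebank.test/login,alice,Tr0ub4dor&3,,,Example Bank,Finance,0
https://forum.example.test/,alice,hunter2,,,Hobby forum,Social,0
https://tax.example-gov.test/,alice,hunter2,,,Tax portal,Government,0
https://shop.example.test/,alice@example.test,c0rrect-horse,,card on file,Shop,Shopping,0
"""

# Hypothetical keyword tiers following the guide's phases; adjust to your own folders.
CRITICAL = ("bank", "financ", "gov", "tax", "insur")
SENSITIVE = ("shop", "pay", "mail", "health")


def tier(row):
    """Return 1 (critical), 2 (sensitive data likely stored) or 3 (everything else)."""
    text = " ".join((urlsplit(row["url"]).hostname or "", row["name"], row["grouping"])).lower()
    if any(k in text for k in CRITICAL):
        return 1
    if any(k in text for k in SENSITIVE) or row["extra"].strip():
        return 2
    return 3


def rotation_plan(export_text):
    """Build a rotation checklist that never contains the passwords themselves."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Count password digests so reuse shows up without keeping plaintext around.
    digests = [hashlib.sha256(r["password"].encode()).hexdigest() for r in rows]
    counts = Counter(digests)
    plan = [
        {"tier": tier(r), "name": r["name"], "host": urlsplit(r["url"]).hostname,
         "reused": counts[d] > 1}
        for r, d in zip(rows, digests)
    ]
    # Critical first; within a tier, reused passwords before unique ones.
    return sorted(plan, key=lambda e: (e["tier"], not e["reused"], e["name"]))


if __name__ == "__main__":
    for entry in rotation_plan(SAMPLE_EXPORT):
        flag = " (password reused)" if entry["reused"] else ""
        print(f"tier {entry['tier']}: {entry['name']} [{entry['host']}]{flag}")
```

To use it on a real export, read the file from inside the encrypted container and pass its text to rotation_plan; the resulting checklist holds only names, hosts and flags, so it can outlive the export file.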
The Importance of Password Managers
Despite this incident, don’t abandon password managers altogether. Online security is imperfect, but password managers are still essential tools. Reusing weak passwords or writing them down significantly compromises your security. Find a reputable password manager and a system that works for you to maintain robust online security.