Tips for migrating to a new password manager?

I want to finally migrate from LastPass to Bitwarden, but it seems like such a big project to get done that I’ve been procrastinating on it. Part of my hesitation comes from not really knowing what the best way to do it is.

As of now what I figure would be the best plan of action is to make my Bitwarden account, set up the extension in one browser, and log into each of my accounts with LastPass so that Bitwarden automatically adds them. Assuming that works. While I’m doing that I also figure I could start flipping on any 2FA options that I’ve missed.

Is that the best way to go about it? What would you do?

3 Likes

It depends. Do you also need to go through your accounts and see which ones you no longer need and should delete, change any passwords, etc.? If you need to check any 2FA options you might have missed, then it might be a good idea to go slowly and kill many birds with one stone, by organizing the accounts first, then changing the passwords (if necessary) as you go along.

If you don’t need to do any of that, then maybe using an exporting/importing option would be more efficient.

2 Likes

You raise two good points.

On one end I think I would like to go slow and steady to dig into all of the privacy options of the different services I use, but of course that would add to the amount of time it would take. If I’m going to do that for 2FA anyway I will probably just bite the bullet and look at other options too.

For changing passwords, I don’t expect there will be many that need changing and I kind of don’t want to change them unless I need to. Reason being that if something for whatever reason goes wrong with Bitwarden that I still have LastPass as a backup. Any passwords I change would be updated in both password managers for that purpose. But maybe maintaining two managers is unnecessary?

1 Like

If you’re going to maintain two password managers, I’d still recommend moving away from LastPass. I believe in digital redundancy, so maybe Bitwarden could be used for day-to-day activities given its convenience, with a backup stored in a KeePass database?

Personally, I use KeePass exclusively and keep multiple backups of the database on separate USB sticks and external drives, so if something goes wrong in the process of changing passwords, I could always retrieve an earlier copy.

1 Like

This is the official, recommended way by BW. If it works for you, it should be much easier than any manual process you were considering. Is there a reason this doesn’t work - it looks pretty straightforward? (Just export from LP and import to BW)


If you go manual, and/or you’re just looking to clean things up, I always recommend people:

  • Delete unnecessary accounts first, one at a time
  • Update/migrate passwords
  • Update/migrate emails (especially if you’re beginning to utilize email aliases)
  • Update/enable 2FA & extra security precautions

3 Likes

I have exactly this setup and can do nothing but recommend it. It works flawlessly for me and even saved my passwords a few times when I managed to break either password database. Furthermore, I am synchronizing the KeePass database with Syncthing. This way, I have both encrypted databases on each of my devices. The only “drawback” is that you have to manage two separate password databases. But, at least in my case, that is exactly what I was striving for. Of course, in theory, there are now two different ways someone could breach my password database. However, I am content with the outcome. An alternative solution would be to use only one password manager (either Bitwarden or KeePass) and make regular backups.

Seeing how the LastPass company operates, I do not want to trust them with my passwords, even less when I consider LastPass is not FOSS. As recommended by @Henry, I would follow the official Bitwarden tutorial for exporting your LastPass database. It is as quick and painless as possible. If you want to go through your accounts manually, I would consider exporting the LastPass database, importing it to KeePass, and going through each account separately as suggested by Henry. Then, when you are satisfied with the result, import the cleaned-up database to Bitwarden.

2 Likes

I should have clarified that I would only use LastPass as a backup until I felt comfortable enough with Bitwarden. Sometimes with these things I just want to be extra careful about migrations because if I mess something up then I could be in trouble. I’m thinking through something similar with TOTP where I only just realized that of course I would need a backup of that because otherwise if I lose my phone then I’m out of luck.

I knew about this feature as well to export the data but wasn’t sure if maybe there were things missing in that process that I should be aware of.

What I might do now is separate the migration from updating all my accounts by just importing my data. At least that way I’m dealing with smaller chunks of work.

It sounds like these are pretty much the two options? Either import the data or add them one by one? Or should I say, are there other things to keep in mind when migrating to a new password manager?

1 Like

The export from LastPass and import in Bitwarden both work well. You can look over it just to be sure but everything should be correct.

On that note, when you switch to Bitwarden you really should enable 2FA on that account too. This makes backing up your TOTP codes even more important. First, use something that allows you to export them and preferably open source, so Aegis on Android or Raivo on iOS. Then keep that backup in multiple places, and crucially you should have an off-site backup of them. In the worst-case scenario, like a fire, you don’t want to also lose access to all your accounts. Just have someone you trust keep a copy of the files for you.

@Gabrielle raises a good point. If you’re going through the process of changing password managers, now would be a good time to clean up old accounts. Having gone through that process myself, let me give you some advice. Don’t expect it to take a day; take your time and work through them one at a time. Some websites make it easy to delete accounts: simply click the delete account button and you’re done. Others, though, will give you the runaround and make it as difficult as possible, so expect it to be a draining experience. Good luck!

2 Likes
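One way to "look over" an import, as suggested in the post above, is to export from both managers and compare the two CSV files. This is an added example and not code from any poster in this thread. The column names are assumptions about the LastPass and Bitwarden CSV headers, and the sample rows are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

# ASSUMPTION: column names of each CSV export; check your own files' first line.
LASTPASS = {"url": "url", "user": "username", "pw": "password", "totp": "totp"}
BITWARDEN = {"url": "login_uri", "user": "login_username",
             "pw": "login_password", "totp": "login_totp"}

# Constructed sample exports (not real data).
LASTPASS_CSV = """url,username,password,totp,extra,name,grouping,fav
https://example.com/login,alice,pw-one,,,Example,,0
https://shop.example.org,alice@example.com,pw-two,SEED234,,Shop,,0
https://forum.example.net,alice,pw-three,,,Forum,,0
"""
BITWARDEN_CSV = """folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
,,login,Example,,,0,https://example.com/login,alice,pw-one,
,,login,Shop,,,0,https://shop.example.org,alice@example.com,pw-two,
"""


def load(csv_text, cols):
    """Map (host, username) -> (password, totp seed) for each exported row."""
    entries = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        url = (row.get(cols["url"]) or "").strip()
        try:
            host = urlsplit(url).hostname or url
        except ValueError:  # malformed URL: fall back to the raw string
            host = url
        user = (row.get(cols["user"]) or "").strip()
        entries[(host.lower(), user)] = (row.get(cols["pw"]) or "",
                                         row.get(cols["totp"]) or "")
    return entries


def compare(old, new):
    """Return (missing, changed) keys; secrets themselves are never returned."""
    missing = sorted(k for k in old if k not in new)
    changed = sorted(k for k in old if k in new and old[k] != new[k])
    return missing, changed


if __name__ == "__main__":
    missing, changed = compare(load(LASTPASS_CSV, LASTPASS),
                               load(BITWARDEN_CSV, BITWARDEN))
    print("not imported:", missing)
    print("password or TOTP seed differs:", changed)
```

Both export files hold every password in plain text, so run the comparison on a trusted machine and delete the files afterwards.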

Thanks everyone for the ideas!

2 Likes