I've recently been trying out KeePass 2 as an alternative to LastPass, in this post I'm going to go briefly into why I made the switch, and detail how you can do so with a fairly minimal amount of pain. If you're just interested in how to migrate, you can skip straight to the how section.
The two major reasons I'm trying something else are security and performance. That said: I think any password manager is much better than the alternative of manually managing passwords. I also think LastPass is pretty good, I've used it historically because I like it. In terms of the why I'm trying something else, these reasons will apply to pretty much any browser extension based password manager.
LastPass is in good company here, Project Zero have shown up issues with other password manager browser extensions such as 1Password and Dashlane. These issues too have been fixed, but they can exist in the first place because of the design of these extension based managers.
KeePass doesn't integrate into browsers (though it has plugins that do so). In switching I'm hoping to guard myself against vulnerabilities such as those above. I'm going to lose out on things like autofill. However, at this stage this is a trade I'm at least willing to try out.
I've found the LastPass extension to be a bit of a performance hog. In Firefox I would often run into janks when using IRCCloud (web based IRC client) with the LastPass addon installed. There's a bugzilla bug on it here. Aside from specific cases like this, LastPass adds also an inherent overhead which I'm not sure I'm cool with.
Obviously these programs need to use some resources run. However, extension based managers can end up doing quite a lot, some of which I didn't expect. For example, some of these extensions will parse the DOM to try and find places to insert icons (click me to fill passwords) or autofill, however, if you're dealing with large DOMs this can take seconds. This may not sound like a lot, but it gets old fast when you get multi second lockups regularly.
Other Nice Things
- Free: Password managers don't cost a ton, and most have free version with limitations, but KeePass being free is nice.
- Open source.
- You control your own password database. This is a bit of a double edged sword, as you're now responsible for the safety of said database, but it does mean the data is in your hands.
Migrating to KeePass 2 is made pretty straight forward via the ability to export and import your password database.
Exporting from LastPass
We're gonna start off by exporting our LastPass passwords to a comma separated value (.csv) file. To do this navigate to
LastPass -> More Options -> Advanced -> Export -> LastPass CSV File. Save this file somewhere safe, and make sure no evil hackers get their hands on it, it contains clear text passwords.
Importing to KeePass
Once you have KeePass installed you can import the csv file from above from
KeePass -> File Menu -> Import. You will now have a prompt, select "LastPass CSV" and select the file you exported above. Voila, your passwords are now imported. Now is also a good point to delete your .csv file from earlier, so your passwords aren't lying around.
By this stage you should be all set. You'll find KeePass is a bit of a different beast that your extension based managers. The following sections detail useful bits and bobs I've found helpful after switching to KeePass.
KeePass has a number of hotkeys which I've found useful since switching:
Ctrl + Alt + K: Brings the KeePass window to the foreground. This can be configured in
Tools -> Options -> Integrationif you want a different key combination.
Ctrl + C: Copies a password to your clipboard. By default KeePass will clear your clipboard after 12 seconds after doing this to stop you leaving a password there. This can be chanaged under
Tools -> Options -> Security.
Ctrl + V: Performs 'auto-type' which has KeePass change windows (like an alt + tab), type a username, tab, and then type a password. This is like KeePass's version of autofilling.
KeePass has a lot of configuration you can tweak under
Tools -> Options. Timeouts can be set in
Tools -> Options -> Security, so that after you haven't used KeePass and/or your system for some time KeePass will require your password again. Also worth a look are the interface settings under
Tools -> Options -> Interface. There's a lot of customization available here to cater to your personal preference.
Using Syncthing to Sync Password Databases
I use Syncthing to sync my password database between computers. SyncThing is a nifty open source utility for syncing data between devices. Key points:
- No centralised storage. If you're attracted to the KeePass because it allows you control over your password database, Syncthing also provides this benefit compared to other cloud storage.
- Data is sent encrypted.
- Free (like beer and speech)!
On my Windows machines I run a SyncTrayzor, and on Linux I use the web interface that comes with the baseline SyncThing. If you're looking for a way to sync your password DB, I'd certainly recommend giving it a look!