Good-bye LastPass. Hello, KeePass!
As a long-time LastPass user (from their launch in 2009), I’ve gone through all the stages from thrilled to meh. Their sellout to LogMeIn in 2015 was a low point in their reputation, but through the assurances of the previous CEO I chose to stay on as a paid subscriber. The service has generally performed okay (as a browser-based tool) in spite of the hiccups of any browser-based tool. But the announcement this week that LastPass would further restrict free accounts by limiting users to a choice of PC or mobile (not both!) clients was a clear signal to me that it was time to move on. Ever-changing service offerings driven by revenue feel like things could be shifting away from the security-first-and-at-any-cost ethos of the early days.
After a few days of research I landed on KeePass, for the following reasons:
- KeePass is free, open-source, and has an active and large support community. This is an indication of others’ dedication to the product, and is necessary for long-term maintenance and viability of the product.
- KeePass has been around a while (17 years), and has been hammered on and trusted by many people much smarter than me.
- KeePass is not browser-based — at first I thought this was a drawback but it is actually a huge advantage in terms of speed, security, and usability.
- KeePass is a lean and efficient tool, yet offers nearly endless ways to add functionality through plugins (you can even develop your own). Plugins keep the core application unencumbered, outsourcing peripheral functions such as cloud syncing and backup to plugins. You can run it as-is just fine, but if you ever need more there’s probably a plugin that fits your need.
- Maintaining and organizing sites is very easy in KeePass. The application is very fast and capable: it is easy to see dozens of entries at the same time, the exact opposite of trying to organize sites in a browser extension (virtually impossible).
As I just found out, installing KeePass and migrating over from LastPass is very easy, especially once you understand a few concepts about KeePass.
- There are many sources for KeePass-compatible applications and plugins. The main source is at KeePass.info.
- Plugins sound intimidating, but you really only need one or two (or none!) plugins to match the functionality of LastPass synced across multiple PCs and mobile devices.
- There are no browser add-ins — KeePass doesn’t need them! It uses auto-type to fill passwords, which works equally well across web pages, PC applications, or even on the command line. So far, auto-type is working much better than LastPass — it just works. Everywhere.
How to Migrate from LastPass to KeePass
- Install KeePass on your PC (Windows, Mac, or Linux — I installed on Windows). Download the most recent version 2.xx, or download the portable version if you don’t have admin rights on your PC.
- Create a database. Open KeePass and click on New. This file will contain all your passwords (encrypted, of course) and is what you will sync if you need to access it on more than one device. Write down your master password because if you forget it there’s no recovering your data.
- Export from LastPass. Go to Advanced and Export to CSV (I forget the exact route since all their apps are deleted). This will download a CSV file containing all of your saved data.
- Import this file into the KeePass database by clicking File > Import. Select the option to import a LastPass CSV.
- Delete the CSV file from your computer and empty the recycle bin.
- Optional: Set up sync. If you already have a cloud storage client installed on your PC, just store the database file in a folder that is synced — no further action needed. If you don’t have the cloud provider’s client (e.g. you want to sync the file using Dropbox, but Dropbox isn’t installed on your PC), download the Kee Anywhere plugin. You can find it on the KeePass Plugins page, or you can download it directly from the developer’s website.
- To install a plugin, open the Plugins folder by going to Tools > Plugins > Open Folder.
- Drop the .plgx file you just downloaded into this folder.
- Close and restart KeePass for the plugin to be activated. That’s it — there’s no installation process.
- Optional: Set up backups. I did this so I’d have access to a recent password file if I lost connectivity to my cloud storage. The KPSimpleBackup plugin saves a backup copy locally on every save.
- Optional: Install a mobile app. Since it’s open source, there are lots of mobile apps available for iOS and Android (I use Keepass2Android, but there are many others that would probably work just as well). Follow similar steps: install the app, and point the app at your database file to use.
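To confirm that the step that deletes the exported CSV really removed every plaintext copy, this added example (not part of the original post) scans folders for CSV files whose header row looks like a password export. The column names `url`, `username` and `password` and the scanned folders are assumptions about a typical LastPass export and PC layout; the sample files in `demo()` are constructed.

```python
import csv
import os
import tempfile
from pathlib import Path

# Assumption: a LastPass export has a header row naming at least these columns.
REQUIRED = {"url", "username", "password"}

def looks_like_password_export(path: Path) -> bool:
    """True if the CSV's header row names url, username and password columns."""
    try:
        with path.open(newline="", encoding="utf-8-sig", errors="replace") as fh:
            header = next(csv.reader(fh), [])
    except (OSError, csv.Error):
        return False  # unreadable or malformed file: not a match
    return REQUIRED <= {col.strip().lower() for col in header}

def find_leftover_exports(roots):
    """Walk each root and return every CSV that looks like a password export."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(".csv"):
                    candidate = Path(dirpath) / name
                    if looks_like_password_export(candidate):
                        hits.append(candidate)
    return sorted(hits)

def demo():
    """Constructed sample data: one fake export and one unrelated CSV."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "Downloads"
        downloads.mkdir()
        (downloads / "lastpass_export.csv").write_text(
            "url,username,password,totp,extra,name,grouping,fav\n"
            "https://example.test,alice,not-a-real-password,,,Example,,0\n",
            encoding="utf-8")
        (downloads / "budget.csv").write_text("month,amount\njan,100\n", encoding="utf-8")
        return [p.name for p in find_leftover_exports([Path(tmp)])]

if __name__ == "__main__":
    # Folders where a browser or sync client is likely to have saved the export.
    home = Path.home()
    for hit in find_leftover_exports([home / "Downloads", home / "Desktop", home / "Documents"]):
        print("plaintext export still on disk:", hit)
```

A hit inside a cloud-synced folder means the plaintext copy has also been uploaded, so remove it from the provider's side as well.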
You can also email the password file to yourself for use on a phone or work computer. This is a long article because of the flexibility of KeePass, but the app is actually very easy to use once you make the paradigm shift away from a browser-based tool like LastPass. I think I will be using it for a long time to come. Thanks for reading!
PS: Check out this post for more tips on using KeePass more efficiently.