Although your passwords are backed up by LastPass, it’s always a good idea to have a backup copy, just in case. The problem with cloud solutions you may use is that they are dependent on the service provider backing up your data.
What if something happens to your data? In the case of passwords, it’s good to know you have a copy even if you never have to use it.
What if they lose your passwords and you don’t have a backup, what do you do? We are talking about the passwords that give you access to your important data such as banking, finance, medical records, etc.
It’s something very important. It contains passwords to your bank accounts, email accounts, social media accounts, etc. It will be disastrous if your passwords are lost. You may be able to reset them but it will take valuable time. If only there is a way to back them up.
This post contains affiliate links and TechColleague will be compensated if you make a purchase after clicking our links.
What is LastPass?
LastPass is a password manager that stores encrypted passwords online. It comes with a web browser version as well as an app you can use on your smartphone. It has free and paid versions.
The free version is sufficient if you want a password manager for yourself.
If you want to share passwords with your family members, you can purchase the family version of LastPass. If you want to share passwords within your organization, you can purchase the business version.
Export your LastPass Passwords
With LastPass, there is a nice feature to export your passwords. To do so, log in to LastPass with your Master password from your web browser. Once logged in, look at the left sidebar.
Click on Advanced Options > Export
You will be prompted to enter your Master password again.
After you enter your Master password, all your passwords will be saved to a CSV file called lastpass_export.csv.
On each line, your password is displayed as comma-separated data consisting of the following items:
- URL (e.g., https://techcolleague.com/)
- Username (e.g., Peter)
- Password (e.g., Parker)
- Extra (e.g., Secret identity: Spiderman)
- Grouping (e.g., Superheroes)
- Fav (If enabled, password will also show up in your Favorites folder.)
At this point, all your passwords are decrypted in a plain text file so you want to continue to the next step to make sure it gets encrypted.
Encrypt Your Password File
Since your password file is now in plain text, you don’t want it to be available for anyone to accidentally open it and have access to all your passwords. Encrypt this file with the Master password.
You don’t want to use another third-party encryption software to encrypt your file. Use the encryption tool that is already available on your operating system. This is safer and more reliable in the long term.
If you’re on a Linux or Mac, encrypting a file is already available with a tool called OpenSSL.
OpenSSL is a cryptography toolkit implementing Transport Layer Security. It is widely used by Internet servers.
To encrypt your CSV file, open a terminal and run this command:
openssl enc -aes-256-cbc -salt -in lastpass_export.csv -out lastpass_passwords_$(date +"%Y%m%d").txt.enc
You will be prompted to enter an encryption password. You can use a different password or use the same one as your LastPass Master Password. We recommend using the same password as your LastPass Master Password since you already remember it and you don’t have to remember another one.
The encrypted password file is called lastpass_passwords_YYYYMMDD.txt (e.g., lastpass_passwords_20210906.txt) where YYMMDD is today’s year, month. Adding this suffix makes it easier to remember when you exported the password file.
Decrypt Your Password File
If you forget this password, you won’t be able to decrypt the file. That is why it is important to verify that you are able to decrypt your password file.
You don’t have to decrypt your password file every time you encrypt it, but it is recommended that you decrypt it at least once so you know how to do it.
Verify that you can decrypt the encrypted file by running:
openssl enc -aes-256-cbc -d -in lastpass_passwords_$(date +"%Y%m%d").txt.enc -out DECRYPTED_lastpass_passwords.txt
The encrypted file is called lastpass_passwords_$(date +”%Y%m%d”).txt.enc in this example. The decrypted file is called DECRYPTED_lastpass_passwords.txt. Provide the Master password you use earlier to encrypt this file.
Remember this LastPass Master Password and don’t write it down anymore. This is the key to your kingdom. If someone gets access to this password, they may get access to all your passwords so you want to keep it safe.
Store Your Encrypted Password File
Rather than storing your encrypted file on your computer, upload it to another cloud provider. If you already have a Gmail account, you can store it on Google Drive. It is free.
This is a safe way to store your encrypted file. Even if someone hacks into your Gmail account, the file is encrypted. Unless they have the master password, they won’t be able to decrypt it.
Clean Up your Password Files
Once you have uploaded your encrypted file to Google Drive, it’s time to remove all the password files on your local computer. You can keep the encrypted file on your computer if you want but you definitely want to delete the unencrypted ones.
Delete the passwords on your computer by running:
rm -f lastpass_export.csv lastpass_passwords_*.enc DECRYPTED_lastpass_passwords.txt
Now you have the peace of mind that your passwords are safe and available if you need them. Hopefully, you never need to use them but it’s good to know you have them ready.
Export your LastPass Passwords from the Command Line
When you export your LastPass passwords, you are required to log in to the LastPass site and navigate from the user interface.
Is it possible to do this step from the command line? Fortunately, LastPass does provide a command-line application to do just that.
The first thing you want to do is install the LastPass command-line application. It is available from GitHub.
If you’re on a Mac, you can install it by using Homebrew with these commands:
brew update brew install lastpass-cli
If you don’t have Homebrew, you can install it on your Mac by running this command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
It will take a few minutes to get it installed so you will want to get some coffee and come back.
On the GitHub site, it lists other methods for downloading this application for other operating systems.
Once you have the command line application installed, you will first need to log in to LastPass.
lpass login <username>
where <username> is the username you use to log in to LastPass from the web browser. You will be prompted for the Master password. If you have enabled multi-factor authentication, you will have to provide the one-time code.
Once you have logged in, you can export all your passwords by running this command:
lpass export > lastpass_passwords_$(date +"%Y%m%d").txt
After you have exported your passwords, it is recommended to log out from LastPass. You don’t want to stay logged for security reasons. To log out, run this command:
Now you have an additional way to export your LastPass passwords. Either way works. It depends on which option you prefer. Some people like the UI while others want to use the CLI.