Facebooktwitterredditpinterestlinkedintumblr

Although LastPass backs up your passwords, it’s always a good idea to have a backup copy, just in case. The problem with cloud solutions is that they depend on the service provider backing up your data.

What if something happens to your data? In the case of passwords, it’s good to know you have a copy even if you never have to use it.

What if they lose your passwords and you don’t have a backup? What do you do? We are talking about the passwords that give you access to important data such as banking, finance, medical records, etc.

It’s something very important. It contains passwords to your bank accounts, email accounts, social media accounts, etc. It will be disastrous if your passwords are lost. You may be able to reset them, but it will take valuable time. If only there were a way to back them up.

This post contains affiliate links, and TechColleague will be compensated if you purchase after clicking our links.

What is LastPass?

LastPass is a password manager that stores encrypted passwords online. It comes with a web browser version and an app you can use on your smartphone. It has free and paid versions.

The free version is sufficient if you want a password manager for yourself.

If you want to share passwords with your family members, you can purchase the family version of LastPass. You can purchase the business version if you want to share passwords within your organization.

Export your LastPass Passwords

With LastPass, there is a nice feature to export your passwords. To do so, log in to LastPass with your Master password from your web browser. Once logged in, look at the left sidebar.

Click on Advanced Options > Export.

You will be prompted to enter your Master password again.

After you enter your Master password, all your passwords will be saved to a CSV file called lastpass_export.csv.

On each line, your password is displayed as comma-separated data consisting of the following items:

  • URL (e.g., https://techcolleague.com/)
  • Username (e.g., Peter)
  • Password (e.g., Parker)
  • Extra (e.g., Secret identity: Spiderman)
  • Grouping (e.g., Superheroes)
  • Fav (If enabled, the password will also appear in your Favorites folder.)

At this point, all your passwords are decrypted in a plain text file, so you want to continue to the next step to ensure it gets encrypted.

How to Encrypt Your Password File?

Since your password file is now in plain text, you don’t want it to be available for anyone to open it and have access to all your passwords accidentally. Encrypt this file with the Master password.

You don’t want another third-party encryption software to encrypt your file. Use the encryption tool that is already available on your operating system. This is safer and more reliable in the long term.

If you’re on a Linux or Mac, encrypting a file is already available with an OpenSSL tool.

OpenSSL is a cryptography toolkit implementing Transport Layer Security. Internet servers widely use it.

To encrypt your CSV file, open a terminal and run this command:

openssl enc -aes-256-cbc -salt -in lastpass_export.csv -out lastpass_passwords_$(date +"%Y%m%d").txt.enc

You will be prompted to enter an encryption password. You can use a different password or use the same one as your LastPass Master Password. We recommend using the same password as your LastPass Master Password since you already remember it and don’t have to remember another one.

The encrypted password file is called lastpass_passwords_YYYYMMDD.txt (e.g., lastpass_passwords_20210906.txt), where YYMMDD is today’s year and month. Adding this suffix makes it easier to remember when you export the password file.

If you have OpenSSL 1.1.11, you may get this error message:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

The three additional arguments are used as follows:

  • md – the message digest to use
  • iter – the number of iterations on the password in deriving the encryption key
  • pbkdf2 – use the Password-Based Key Derivation Function 2 algorithm

You can ignore the error message, and the encryption still works. If you don’t want to see this error message, you can adjust the arguments for OpenSSL by running

openssl enc -aes-256-cbc -salt -md sha512 -pbkdf2 -iter 100000 -in lastpass_export.csv -out lastpass_passwords_$(date +"%Y%m%d").txt.enc

If you run the command above, the warning message should go away.

How to Decrypt Your Password File?

If you forget this password, you won’t be able to decrypt the file. That is why it is important to verify that you can decrypt your password file.

You don’t have to decrypt your password file every time you encrypt it, but it is recommended that you decrypt it at least once to know how to do it.

Verify that you can decrypt the encrypted file by running:

openssl enc -aes-256-cbc -d -in lastpass_passwords_$(date +"%Y%m%d").txt.enc -out DECRYPTED_lastpass_passwords.txt

The encrypted file is called lastpass_passwords_$(date +”%Y%m%d”).txt.enc in this example. The decrypted file is called DECRYPTED_lastpass_passwords.txt. Provide the Master password you used earlier to encrypt this file.

Remember this LastPass Master Password, and don’t write it down anymore. This is the key to your kingdom. If someone gets access to this password, they may get access to all your passwords, so you want to keep it safe.

Similar to the encryption step, you may encounter a warning message if your computer is running OpenSSL 1.1.11:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

The three additional arguments are used as follows:

  • md – the message digest to use
  • iter – the number of iterations on the password in deriving the encryption key
  • pbkdf2 – use the Password-Based Key Derivation Function 2 algorithm

You can ignore the error message, and the encryption still works. If you don’t want to see this error message, you can adjust the arguments for OpenSSL by running

openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -d -in lastpass_passwords_$(date +"%Y%m%d").txt.enc -out DECRYPTED_lastpass_passwords.txt

If you run the command above, the warning message should go away.

How to Store Your Encrypted Password File?

Rather than storing your encrypted file on your computer, upload it to another cloud provider. If you already have a Gmail account, you can store it on Google Drive. It is free.

This is a safe way to store your encrypted file. Even if someone hacks into your Gmail account, the file is encrypted. Unless they have the master password, they won’t be able to decrypt it.

How to Clean Up your Password Files?

Once you have uploaded your encrypted file to Google Drive, it’s time to remove all the password files on your local computer. You can keep the encrypted file on your computer if you want but you want to delete the unencrypted ones.

Delete the passwords on your computer by running:

rm -f lastpass_export.csv lastpass_passwords_*.enc DECRYPTED_lastpass_passwords.txt

Now you have the peace of mind that your passwords are safe and available if you need them. Hopefully, it would be best if you never used them, but it’s good to know you have them ready.

How to Export your LastPass Passwords from the Command Line?

When you export your LastPass passwords, you are required to log in to the LastPass site and navigate from the user interface.

Is it possible to do this step from the command line? Fortunately, LastPass does provide a command-line application to do just that.

The first thing you want to do is install the LastPass command-line application. It is available from GitHub.

If you’re on a Mac, you can install it by using Homebrew with these commands:

brew update
brew install lastpass-cli

If you don’t have Homebrew, follow my guide on How to Install Homebrew on a Mac.

On the GitHub site, it lists other methods for downloading this application for other operating systems.

Once you have the command line application installed, you will first need to log in to LastPass.

lpass login <username>

where <username> is the username you use to log in to LastPass from the web browser. You will be prompted for the Master password. If you have enabled multi-factor authentication, you will have to provide the one-time code.

Once you have logged in, you can export all your passwords by running this command:

lpass export > lastpass_passwords_$(date +"%Y%m%d").txt

After you have exported your passwords, it is recommended to log out from LastPass. You don’t want to stay logged in for security reasons. To log out, run this command:

lpass logout

Now you have an additional way to export your LastPass passwords. Either way works. It depends on which option you prefer. Some people like the UI, while others want to use the CLI.

Tim Miller

Tim has always been obsessed with computers his whole life. After working for 25 years in the computer and electronics field, he now enjoys writing about computers to help others. Most of his time is spent in front of his computer or other technology to continue to learn more. He likes to try new things and keep up with the latest industry trends so he can share them with others.

Leave a Comment