Security of LastPass data import

I see that importing data from LastPass requires a CSV to be downloaded and imported into BW. Is that CSV encrypted, and how secure is this process overall?

Pretty much any import/export from a password manager (LastPass, 1Password, Dashlane, Roboform, and Bitwarden for example) will have to be in plain-text.
The passwords would need to be unencrypted for the password manager you are importing into to read them.

So long as you have full disk encryption such as Bitlocker, or use an encrypted container such as VeraCrypt you should be okay.
I would also recommend using some program to securely erase the file, rather than simply deleting it and emptying the recycle bin.

Though if you have a more modern SSD, this can sometimes still be pulled with recovery software, so again I always highly encourage the use of full disk encryption. Especially for sensitive data such as your passwords .csv export, I would also use VeraCrypt to keep your data secure, and only on a device you trust fully, such as your own personal machine rather than a shared computer.

Can you recommend any programs for secure deletion?

If your vault was in the LastPass breach, then you’ll probably want to change all your account passwords anyway, so it may not matter too much that the .csv is in cleartext.

^^^That^^^ is what you should do.

As far as your question goes, Eraser (heidi.ie) is a good one for Windows files.
Though as mentioned, if you have an SSD then this will likely not work as intended, and so I highly recommend still utilizing some form of an encrypted container such as VeraCrypt.

Though as others here have mentioned, if you were a LastPass migrant then you will have to assume your vault was compromised as part of the breach. In such a case, after you import your data into Bitwarden, I would work through the tedious process of changing all the passwords for your online accounts.

  1. Starting with your most important accounts such as email, healthcare, banking, and other financials
  2. Working your way to other accounts such as social media
  3. Then finally getting to the not so important accounts such as online forums, shopping rewards programs, etc.

You can go through and change these in Bitwarden and work through your original .csv to ensure you have gotten them all changed or updated, at which point any information in the .csv would be moot anyways.
Best of luck :slightly_smiling_face:
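One way to do the cross-check described in the post above, as an added example that is not part of the original thread or Bitwarden's own code: compare the old LastPass .csv against a fresh Bitwarden .csv export and list the logins whose password has not changed yet, without ever printing a password. The column names and the sample rows are assumptions constructed for illustration; both files are plaintext, so keep them inside the encrypted container while this runs.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample data. Column names are assumptions about the two CSV
# layouts; adjust them to match the header row of your own files.
LASTPASS_SAMPLE = """\
url,username,password,totp,extra,name,grouping,fav
https://mail.example.com/login,alice@example.com,old-mail-pw,,,Mail,Email,0
https://www.bank.example/,alice,old-bank-pw,,,Bank,Finance,0
https://forum.example.org/,alice,old-forum-pw,,,Forum,,0
"""
BITWARDEN_SAMPLE = """\
folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
Email,,login,Mail,,,0,https://mail.example.com/,alice@example.com,NEW-mail-pw,
Finance,,login,Bank,,,0,https://bank.example/,alice,old-bank-pw,
"""

def _key(url, username):
    """Match entries on (hostname, username), ignoring case and a leading 'www.'."""
    url = url.strip()
    host = (urlsplit(url).hostname or url).lower()
    if host.startswith("www."):
        host = host[4:]
    return host, username.strip().lower()

def unrotated(lastpass_csv, bitwarden_csv):
    """Return sorted (name, username, status) for old logins still to be handled."""
    current = {}
    for row in csv.DictReader(bitwarden_csv):
        key = _key(row.get("login_uri") or "", row.get("login_username") or "")
        current[key] = row.get("login_password") or ""
    pending = []
    for row in csv.DictReader(lastpass_csv):
        key = _key(row["url"], row["username"])
        if key not in current:
            pending.append((row["name"], row["username"], "missing"))    # never imported
        elif current[key] == row["password"]:
            pending.append((row["name"], row["username"], "unchanged"))  # still the old password
    return sorted(pending)

def demo():
    """Run the comparison over the constructed samples above."""
    return unrotated(io.StringIO(LASTPASS_SAMPLE), io.StringIO(BITWARDEN_SAMPLE))

if __name__ == "__main__":
    for name, user, status in demo():
        print(f"{status:9}  {name}  ({user})")
```

For real files, pass open file objects (opened with `newline=""`) to `unrotated()` instead of the samples.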

Well you ‘could’ put the CSV on a two-buck USB stick, do your import, then break out a power drill and put a few holes in it, then toss it in your garbage.

There is an interesting discussion about the SSD problem here.

With regards to VeraCrypt and similar solutions, there is some important information to be aware of here; one has to take precautions so that the decrypted data in memory are not leaked to page files, hibernation files, and the like.

Grinders do a great job of turning SD cards into dust :+1: