HACKER Q&A
📣 yootis

What do I do about LastPass and how do I switch?


After using LastPass for many years, I have more than a thousand passwords stored in it. It's too many to make it practical to manually change them all. Is there a way to get all of them into something else, like BitWarden, and then [semi]automatically change them all?


  👤 fraXis Accepted Answer ✓
Yes, you can export them from LastPass as a csv file and import them into bitwarden.

But the steps to do this correctly are these:

  1. Log out of LastPass
  2. Close your browser
  3. Open your browser
  4. Log into LastPass
  5. Perform the export from inside LastPass (before doing any other actions inside of LastPass)

If you don’t do the exact steps above, then when you do an export from LastPass, it most likely will export some of your passwords twice (so you will have duplicates). This is a known bug in LastPass that they have never fixed.

You also need to do this (from the bitwarden site):

“Some users have reported a bug which changes special characters in your passwords (&, <, >, and so on) to their HTML-encoded values (for example, &amp;) in the printed export. If you observe this bug in your exported data, use a text editor to find and replace all altered values before importing into bitwarden.”

The import into bitwarden procedure is located here:

https://bitwarden.com/help/import-from-lastpass/
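
An added example, not part of the answer above and not LastPass or Bitwarden tooling: a Python sketch that handles both export problems the answer mentions (duplicate rows and HTML-encoded special characters) before import. The sample data is constructed, its header row is an assumed layout, and the function names are illustrative.

```python
import csv
import html
import io
import os
import re

# Constructed sample export. The header row is an assumption about the CSV
# layout; the code works with whatever header the file actually has.
SAMPLE = (
    "url,username,password,extra,name,grouping,fav\n"
    "https://a.example,alice,p&amp;ss&lt;1&gt;,,A,,0\n"
    "https://a.example,alice,p&amp;ss&lt;1&gt;,,A,,0\n"
    "https://b.example,bob,tick&ampy,,B,Work,0\n"
)

# Only semicolon-terminated entities are decoded, so a password that merely
# contains "&amp" followed by other characters is left alone.
ENTITY = re.compile(r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")

def decode(cell):
    return ENTITY.sub(lambda m: html.unescape(m.group(0)), cell)

def clean_export(text):
    """Return (header, rows, report): entities decoded, exact duplicates dropped."""
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader, [])
    seen, rows = set(), []
    report = {"duplicates": 0, "decoded": []}
    for recno, cells in enumerate(reader, start=1):
        if not cells:  # skip blank lines
            continue
        fixed = [decode(c) for c in cells]
        if tuple(fixed) in seen:
            report["duplicates"] += 1
            continue
        seen.add(tuple(fixed))
        # Record where a value changed, never the secret itself, so changed
        # entries can be checked by hand against the old vault.
        report["decoded"] += [(recno, name) for name, old, new
                              in zip(header, cells, fixed) if old != new]
        rows.append(fixed)
    return header, rows, report

def write_private(path, header, rows):
    """Write the cleaned CSV as a new owner-only file (refuses to overwrite)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="", encoding="utf-8") as fh:
        csv.writer(fh).writerows([header, *rows])
```

A password that legitimately contains text such as `&amp;` would also be decoded, so check the entries listed in `report["decoded"]` before importing. Both the original export and the cleaned file hold every password in plaintext and should be deleted once the import is verified.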


👤 nrabulinski
I don’t understand how people still stayed with LastPass after all their controversies and pulling a bait-and-switch on their customers well over a year ago at this point.

👤 GOATS-
I exported my vault to CSV and imported them all into Bitwarden in one go.

👤 zikduruqe
Move over to https://www.passwordstore.org.

And if you want to use Age encryption - https://github.com/FiloSottile/passage


👤 TotoHorner
If someone credible could write a blog post on this, that would be very great

👤 zacharybk
I’ve been using Dashlane for a few years and I’ve been above-average happy. Here’s a blog post on how to make the move: https://www.techrepublic.com/article/transfer-passwords-last... Referral link for Dashlane: https://www.dashlane.com/en/im/jLhbGWdXVSnR

👤 studmuffin650
The easiest way is having lastpass export your vault of passwords as a CSV. Most other passwords managers (Bitwarden, 1Password, Dashlane, etc.) should be able to import that for you into their vaults.

I did this (moved from LastPass to 1Password) back when LastPass changed how they were doing their free vaults and with LastPass’s less than stellar track record on security. I will at least advocate for 1Password as their family vaults are amazing for sharing things securely with the wife and my parents.


👤 mrinterweb
Since they have everyone's password vaults, it is likely a matter of time before your vault is decrypted. You should change all of your LastPass passwords.

👤 helloworld11
For years I've been telling people I know to NEVER trust all their security to one-password services. Given so many tech companies' penchant for playing stupid and loose with internal security without customers even being aware of it, this kind of thing was bound to happen. All the worse to trust a password vault service under the circumstances.

Too many people who should know better on this site itself kept recommending things like Lastpass... Incredible.


👤 hepinhei
Besides the multibrowser / OS limitation, is there any other drawback to using native browser pass managers?

👤 suralind
You can export your data from LastPass and import it in e.g. 1Password. I did that ~2 years ago. No regrets.

👤 gwnywg
Some time ago I created a github page which is using google spreadsheet as back-end and in-browser aes encryption/decryption of secrets stored in that spreadsheet. It's not beautiful but good enough for me. Added bonus is I can easily take backups of that spreadsheet.

👤 somewhat_drunk
Convert to keepass and sync the key file across your devices with a cloud service.

👤 paulpauper
if you have crypto, transfer to new wallet asap. use offline computer and use something like VeraCrypt, which is open source and has been audited. don't trust cloud companies to do the encryption for you.

👤 renaissance_tea
Switched to self-hosted Bitwarden on my own domain behind a VPN. Everything on disk is encrypted.

👤 badrabbit
Why not something like KeePass? Bitwarden can also get pwned without your involvement.

Or be a luddite and write it on paper.


👤 FlyingSnake
I host a small VM and run dockerized Vaultwarden behind Nginx on it. It has been a solid setup so far.