LastPass to 1Password: Dealing with a Messy Conversion

We switched from LastPass to 1Password and encountered an unexpected hindrance: HTML encoded strings somehow replaced certain characters in critical passwords. The first time through the process it seemed like 1Password was was causing the problem. Upon further investigation we found that the problem originated during the LastPass 'export' process.

Update: 2018

I was given a free trial of LastPass recently and found that this issue is still a problem. Last year I tried to report this using 'contact us' details available on their web page, which unfortunately didn't fix anything.

There is no really great solution to this problem that I am aware of. When you export from LastPass it claims to give you a CSV file, yet it actually takes you to a file with a .html extension.

We were able to overcome this by examining a list of HTML encoded characters and using a text editor to find and replace specific character strings in the LastPass export. Given the complex nature of generated passwords we were unable to trust that a 'replace all' operation would be successful, so we had to search for each html encoded string individually and convert back to an unencoded character only when we could guarantee that it was the right course of action.

The most common problem we encountered was the & symbol as it was replaced with &, so:

Pass&;word    --becomes--


Other commonly encountered HTML strings included:

  • > would become >
  • < would become &lt;

After coping with the heavily manual correction process it is hard for me to take the LastPass export process seriously. It promised a CSV file and should have (at a minimum) delivered that much. It would be even better if it could avoid unexpectedly encoding characters during export as well.