Security concern, common to all 'export/import' processes when changing password managers.

suffice
suffice
Community Member

I am looking to transfer my current vault contents to 1Password (I am already invested as a new 1Password subscriber). This is not the first time that I have made the transition from one mgr to another. What's different, is that I am much more hesitant than I realized I woud be this time around, to pull the trigger on doing the actual data transfer. I've read too much over the years. Data 'leakage' or 'capture' is possible in numbers of ways, and with a very long (indefinite?) life span.

Obviously, everyone makes his/her own choice.

Anyone else in these parts ever think/thought about this?

All other things aside (keeping apps, OS, browsers, etc., up-to-date), do you think exporting via downloaded CSV file is any more/less secure than browser tab HTML copy/paste contents?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @suffice I know where you're coming from. I thought about it a lot before moving from LastPass.

    I think it depends on the browser, what websites it has visited, what extensions are installed, what software is installed on the laptop/desktop, the provenance of that software, etc. So use a machine you have control of and intend to keep control of. As you say, make sure all the software is up to date. I would also use a virus scanner to perform a complete system scan.

    I prefer the CSV approach as I can simultaneously make an encrypted backup. Only save the file to a Solid State Drive if it is encrypted as its not possible to truly delete a file saved to an SSD due to wear evening software. Preferably use a spinning hard disk either in your desktop or plugged in externally. Once you've imported the CSV, delete the file using file shredding software.

  • XIII
    XIII
    Community Member

    I would export to a CSV file on a RAM disk and import from there. Then reboot the machine.

    (Of course, the OS, security software, browser, etc. still should all be up-to-date)

  • [Deleted User]
    [Deleted User]
    Community Member

    @XIII I was thinking "wouldn't it be great if there was such a think as a RAM disk". I'd never heard of one until now.

  • williakz
    williakz
    Community Member

    @missingbits Great comment! The more things change, ...

  • suffice
    suffice
    Community Member

    Thanks to all for your comments. You prompted me to do a bit more research.

This discussion has been closed.