Just Arrived From LastPass, And Boy Do I Got Questions

Options
willmize
willmize
Community Member
in Mac

As you know, LastPass is having a bit of a nightmare/quandary, depending on how you want to look at it, and I decided to jump ship while the getting was good, and come over here to 1Password.

I want to make sure all my information and passwords are safe and sound as I can possibly make them, so a few questions for you, please.

First, I came to 1Password by downloading all my data from LastPass and uploading it to 1Password.

1) How safe am I, seeing that I have the same passwords as before, but a different minder? I get the feeling "not very".
2) If I'm unsafe as heck, do I need to change every single password in my current 1Password vault? I get the feeling "Yes, knucklehead."
3) If I have to change all several hundred of them, what is the easiest and most efficient way to do this? (Of course, I know there may not be, but a man can dream)

Thank you all so much for your help, and thanks to the 1Password team for making the switch so virtually painless.

  • Bill

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Mac 12.6.2
Browser:_ Firefox

Comments

  • PeterG_1P
    PeterG_1P
    edited December 2022
    Options

    Hi @willmize

    First, I'd like to say: welcome to the 1Password community! Although of course we wish it was under less fraught circumstances. In any case, we're happy to help from here. 👋

    How safe am I, seeing that I have the same passwords as before, but a different minder?

    A great question! Let's start with a general look at how security works in 1Password, and then we'll move to specific advice.

    1Password Security: A High-Level View

    First, I should mention that the security of your items in 1Password, assuming no prior compromise of the data, is very high. We could chat endlessly about security (and sometimes do! 😃) but as a quick overview, the two primary elements that secure your data in 1Password are:

    These two are combined to jointly encrypt your data, and they serve two complementary purposes.

    Your Secret Key protects your data when it's off your devices. For example, let's say that some hacker attacks our servers in an attempt to make off with your data. Even if they did so, it would be essentially impossible for them to break open your personal 1Password database, because this isn't mathematically feasible without knowing the Secret Key (which only you have).

    Meanwhile, your account password protects the data that's on your device. So if someone makes off with your laptop while you're vacationing in Maui, that's the primary element that stands in the way of them being able to get at your data - which is why choosing a strong password is important.

    Now, to return to your question at the specifics level:

    What to Do Next

    How safe am I, seeing that I have the same passwords as before, but a different minder? I get the feeling "not very".

    Given that your data was involved in a breach, the answer is indeed "not very."

    If I'm unsafe as heck, do I need to change every single password in my current 1Password vault?

    I'll offer the same advice here that I'd give to a family member: assume that anything that was in your old vault is compromised. Change your passwords for everything, starting with the most important accounts.

    If I have to change all several hundred of them, what is the easiest and most efficient way to do this?

    I wish we had a magic workflow to offer here (and we're always looking for ways to improve this, by the way). The best I can suggest is the following:

    1. Make sure you have the 1Password extension installed in your browser
    2. Use the browser extension to sign you into each account you need to change online
    3. Go to the relevant website's "Change Password" page or equivalent, and the 1Password extension will auto-suggest new, strong passwords for you
    4. Save the item with the new password to update it

    And so on, for any relevant accounts.

    Our how-to guide is here: https://support.1password.com/generate-website-password/

    I hope this is helpful. Again, sorry that this situation is something you find yourself impacted by, but we're happy to assist with the next steps in any way we can.

  • willmize
    willmize
    Community Member
    Options

    Hey @PeterG_1P ! Thank you SO MUCH for your kind and thorough response, I appreciate it! Looks like I have my work cut out for me, but in the long run, it's all for the best! Thanks again! - Bill

  • GreyM1P
    GreyM1P
    Options

    @willmize – On Peter's behalf, you're very welcome. And yes, while doing your own security audit can take some time, the end results of better security and peace of mind will be worth it. We'll be here if you need anything. :)

This discussion has been closed.