Read first: Previous version support information

Question about best-practice way to selectively migrate passwords

Options
Talia521
Talia521
Community Member
in 1Password 7 for Windows

I recently purchased a 1-year membership to 1password. I want to keep certain passwords out of the application altogether, but I generally bought the membership to aggregate credentials from different usernames on browsers such as Chrome and Firefox.

I have been looking at the documentation, and 1password seems to suggest you export your passwords en masse from different Chrome usernames (for example), as plaintext, and then import it into 1password. However, I would really like to keep certain credetials out of 1password (so ideally I would like to be able to select which passwords get exported in the first place, rather than import all passwords, and then delete or change the ones I want kept outside of 1password).

The other thing is I would like to avoid exporting the passwords into plaintext. Thus, my questions are:

  1. Is there a way to choose the passwords you export from a browser upfront?
  2. What is the most secure way to export passwords to 1pass while being selective about what passwords you export? I thought Keepass may have a feature like that.
  3. When you install plugins to Chrome or iOS, does it offer to keep any passwords from then on? Or does it try to import passwords that you already have in those respective systems as well? I have Keychain operating alongside 1password, and 1password doesn't seem to be offering to save even new passwords I make.

Is the safest way really to transfer them one by one to 1password?

Thanks very much.

1Password Version: 7.7.819
Extension Version: N/A
OS Version: Windows 10

Comments

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    Hi @Talia521!

    Is there a way to choose the passwords you export from a browser upfront?

    I am not aware of a browser that offers this feature I am afraid. So far I have only seen browsers that allow you to export everything.

    What is the most secure way to export passwords to 1pass while being selective about what passwords you export? I thought Keepass may have a feature like that.

    Because you need to export data first, you will have to save it in a file temporarily. You could edit this file directly, removing what you don't want to upload, and then import the remaining list in 1Password. You can now delete the exported file.

    When you install plugins to Chrome or iOS, does it offer to keep any passwords from then on?

    Yes it does :+1:

    Or does it try to import passwords that you already have in those respective systems as well?

    It won't force you to update existing entries, but you can change them anytime from that point on:

    Change your passwords to make them stronger

    I have Keychain operating alongside 1password, and 1password doesn't seem to be offering to save even new passwords I make.

    You might have to turn off Keychain to avoid interference if this is happening to you:

    Turn off the built-in password manager in your browser

    Is the safest way really to transfer them one by one to 1password?

    I would not recommend doing this one by one, no. I would make sure I edit the exported CSV file once, and import them all at once.

  • Talia521
    Talia521
    Community Member
    Options

    Thank you so much for your help! I am very excited to get started aggregating my passwords. I do have one more question (below):

    Because you need to export data first, you will have to save it in a file temporarily. You could edit this file directly, removing what you don't want to upload, and then import the remaining list in 1Password. You can now delete the exported file.

    I understand. I guess one concern I have is if it is possible to take additional precautions with this plaintext file. I will try to do a malware scan on my computer, but I am concerned that a program could possibly read the file while it is getting generated. Is there any way to get the password file encrypted as it is generating (i.e. right out of the gate), because otherwise I figure I would have to open the file to encrypt it, and that this could cause even more security issues.

    If there is no alternative, I guess I would just need to change the important passwords that I am removing from the file right away, to ensure that the passwords in the password file are no longer correct for these accounts.

    I'd appreciate your advice on this. Thanks again.

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @Talia521:

    If your concern is that the system this export / import is happening on may be compromised, I think we're having an entirely different discussion. There are bigger concerns at that point than what happens with the exported file. For example, if the system is compromised, then keylogging of passwords as they are entered into web forms, regardless of what/who is doing that entering, would be a real concern. Additionally, you mention possibly encrypting that file as it is being generated, and again, if you can't trust the system, there's truly no way to verify that a malicious process isn't copying the unencrypted data before it is encrypted. Personally I wouldn't continue to use a system where I have a believe that compromise or malware is a real concern until that concern is addressed.

    That said, it certainly wouldn't hurt at all to change any secrets that passed through a plain text export once they've been encrypted. It may be overkill, but it certainly is a step you could consider, depending on your threat model.

    Jack

  • Tertius3
    Tertius3
    Community Member
    Options

    @Talia521 I read your initial question and its specifics, however may be a more general answer could help as well.

    I migrated to 1Password half a year ago and needed to import my logins from Chrome as well as from my previous password manager (pwsafe). Most of the entries were duplicates, but not all.
    I want a single location for all my passwords (the private vault), and there was no password I don't wanted to import (in contrast to your request - I don't see the benefit in leaving out single logins).

    So I created a new vault called "import", and into this vault I imported all Chrome logins directly, because there is built in support in 1Password for this.
    Then I used the MrC converter suite (https://1password.community/discussion/101693/moving-to-1password-from-another-password-manager) to import my pwsafe database into the same vault.

    Then I went manually through all entries, merged duplicates, removed redundant and obsolete entries and as soon as I finished a consolidated and verified entry, I moved it to my private vault.
    It took me several evenings to clean up all approx. 400 entries. The "import" vault slowly lost its entries while I processed them, and my private vault gained the cleaned up entries.
    In the end the import vault was empty, only remaining things were the deleted entries.
    Then I deleted the now empty import vault, which was not required any more. My cleaned up entries (only approx. 130 survived the cleanup) were in my private vault, where I wanted them to be.

    If I wanted some entries not even imported to 1Password, I would load the corresponding export files (from Chrome and from MrC converter suite) into a text editor (usually these exports are ascii text) and delete the text of these entries. However, this needs some understanding of the textual format of the files, so it is not recommended for someone without technical background.

This discussion has been closed.