by iLoveOncall 1094 days ago
It took me 30 min to migrate from LastPass to BitWarden, they have a process to import the passwords so it really doesn't require any effort.

https://bitwarden.com/help/import-from-lastpass/

5 comments

It does require effort though. Migrating the passwords is one thing in the process, but there is also finding a good alternative first that integrates well with the software one uses, getting used to a new UI, new shortcuts, new bugs, etc.

All in all, it does take (much) more than 30 minutes.

I hear you, and generally you are correct, but migrating from LastPass to BitWarden (and setting up the extension to work exactly the way I liked LastPass to work) truly did take 30 minutes. I wasn't expecting 100% feature parity but it's there. What took the longest was discovering CTRL+SHIFT+L is the shortcut to auto-populate username/password in forms. Pressing it again will cycle to the next account in the vault.
I knew about Ctrl+Shift+L but never thought to try using it to rotate through multiple credentials. Thanks for that!
LastPass user here that probably should migrate. Is that keybinding changeable and how is the iOS experience?
It’s great on iOS! It integrates into the password manager just like LastPass did, so you get the “Passwords” button or the account name. If you have faceID or touchID set up, it’ll auto auth you and autofill the password. Bitwarden is seriously almost a drop in replacement. The biggest difference is the extension settings in browsers don’t autofill by default in the same way as LastPass. Also you can self host bitwarden (what I do).
> that keybinding changeable

Any shortcuts used by extensions based on the WebExtensions API are changeable. If you're on Firefox, press Ctrl+Shift+A (or go to about:addons), open the gear menu, and click "Manage Extension Shortcuts".

I tried Bitwarden for a bit and found it to be quite janky. Not good UX overall.
You don't have to achieve all at once. First migrate to a competent service before getting locked out of your secrets. Then you should change all passwords just in case there is a LP dev db leaking somewhere. Then you can investigate what that particular service does for you in terms of workflow and migrate later if you find one that better suits your needs.
It took me 30 minutes to do this process as well. Then it took days and weeks to find a bunch of corner cases that Bitwarden missed. At the same time it took me a few weeks to realize that I just don't like Bitwarden's UX. Their mobile app is just bad. It's slower than competitors, common actions take more button clicks, and the UI doesn't look good (it looks like it was built by programmers for programmers). Combining that all together meant I couldn't move my family onto Bitwarden and my migration was a wasted effort.
BitWarden didn’t lose any of my passwords (which is what I assume you meant by “corner cases”), and their UX on Chromium and iOS are about on par with LastPass, so I’m not quite sure the difficulties you may have experienced. And while BitWarden’s iOS app isn’t well optimized, considering it’s a FOSS solution I am more than happy with that minor trade-off. I also haven’t had any trouble moving others onto it, even the more tech-illiterate people in my life.

It’s certainly not perfect, but I’m not quite sure these issues are consistent enough to be indicative of BitWarden’s quality. I mean if it’s lost your passwords I would assume that’s something worth making an issue about on their GitHub?

LastPass' CSV export can't handle certain characters so the exported password is wrong. I doubt they've fixed that. It was in the product during the 10-12 years I used LastPass.
Worse than that, LP notes are multi line which makes importing a bloody nightmare! Especially if you have any CSV characters in the note.

I had to modify the native CSV with some vim magic to add a line delimiter for each record so it allowed for spanning over multiple lines in order to successfully import each entry - which also required the importer to allow for an additional EOR marker.

Even then there wasn't a 1:1 column match between pw apps.

Without this step though all sorts of hell breaks loose, and if you don't notice the columns got out of sync during import because a note had a few commas in it what good is it to you really. It's a hell of a mess that you may not notice until it's too late.

There should also be a verify feature for any import that can query the original source via some API calls - or use that to do the import. Of course nobody is going to provide that because it means users can leave their ecosystem too easily - but the other thinking is customized backups to a PGP destination suitable for direct import via the same API calls.

This was for LP to KeePass BTW.
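
The failure described in this sub-thread, as an added example that is not part of the original comments: a line-oriented reader splits a quoted multi-line note into misaligned rows, a quote-aware parser keeps it in one field, and a post-import check compares source against destination. The sample data, the column names and the `imported` mapping are constructed assumptions.

```python
import csv
import io

# Constructed sample export (not real data). Column names are assumed for
# illustration; the second record has a quoted multi-line note with commas.
SAMPLE = (
    "url,username,password,extra,name\n"
    "https://a.example,alice,pw1,,Site A\n"
    'https://b.example,bob,pw2,"line one, with, commas\nline two",Site B\n'
    "https://c.example,carol,pw3,plain note,Site C\n"
)


def naive_rows(text):
    """Split on newlines and commas, as a line-oriented importer would."""
    return [line.split(",") for line in text.splitlines() if line]


def parsed_rows(text):
    """Parse with a quote-aware CSV reader so quoted newlines stay in one field."""
    return list(csv.reader(io.StringIO(text, newline="")))


def misaligned(rows):
    """Return indexes of data rows whose column count differs from the header."""
    width = len(rows[0])
    return [i for i, row in enumerate(rows[1:], start=1) if len(row) != width]


def verify_import(source_text, imported):
    """Compare name -> password from the source against an imported mapping.

    `imported` is a hypothetical dict standing in for what the destination
    vault reports after import. Returns names that are missing or differ.
    """
    rows = parsed_rows(source_text)
    header = rows[0]
    name_i, pw_i = header.index("name"), header.index("password")
    return sorted(r[name_i] for r in rows[1:]
                  if imported.get(r[name_i]) != r[pw_i])


if __name__ == "__main__":
    print("naive misaligned rows:", misaligned(naive_rows(SAMPLE)))
    print("parsed misaligned rows:", misaligned(parsed_rows(SAMPLE)))
    print("mismatches:", verify_import(SAMPLE, {"Site A": "pw1", "Site C": "pw3"}))
```

Running `misaligned` on the parsed export before importing, and `verify_import` against a re-export from the destination afterwards, surfaces shifted columns and dropped entries while the source vault still exists.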

> BitWarden didn’t lose any of my passwords

Do we know that considering how they handle iframes and how lax they seem about it?

> it really doesn't require any effort.

That's because you don't have or don't know about all those custom fields that don't get exported by LastPass, which turns real migration from 30min to many hours

Also it'd be wise to change passwords during the migration as well given all the hacks, which is another set of hours

BitWarden has custom fields too, though if LP doesn't export them, then yes that's a pickle. I don't know about attachments, but notes do transfer though they're stored a few clicks deeper in the "vault".

I would argue if password updates are required because of LP's insecurity, that's really not a migration issue, that's just a LP issue.

And you shouldn’t change the passwords if you aren’t migrating?
Once you hit 300+ sites, with attachments and custom fields, it starts to be one of those ‘I am going to pretend this will all work out if I ignore it’ things rather than an easy afternoon project.
I have more than 400 websites in mine, but not a single one has custom fields or attachments and I can't think of a single reason why that would be necessary.
If one does any of the following and wants to keep track of it in a structured way, it might require custom fields in some password managers:

* Use a different name for each account
* Use different "personal information" (date of birth, etc.) for every account
* Track "security" questions and randomly-generated answers for each account, for services that still use that terrible approach
* Track which phone number is associated with each account, for services that use SMS MFA codes
* Attach list of one-time recovery codes to accounts that use those
* Attach source of credential information when credentials were sent by someone else for e.g. testing

There's six reasons off the top of my head. I'm sure there are more.

Some services use usernames for login instead of an email address, so I keep the per service email address in another field. Or I use a different name & birthday for a service etc.
I have a few that require custom fields. I don't really have a lot of passwords saved either. Maybe 50 tops.

Custom ones are usually all banking sites. One does not use standard field names so bitwarden does not detect it. Another has an extra field for user. (Bank customer company id, password then particular user's name).

It doesn't matter if you think it's necessary though. They use the fields hence it's a harder problem than most people make it out to be.
Preferably, you change all your passwords too, which is the time-consuming part.
Do the migration first, then rotate passwords over time.

If you're still using LP, and haven't been bitten by this, do it now. Do the migration.

Once the migration is done, start rotating passwords as soon as you can.

Bitwarden import of Lastpass was a pain in the ass when I did it and required hours of cleanup.
I swapped the day LP announced removal of free tiers. It was nearly instantaneous.

I have over 300 passwords, multiple cards. Multiple notes. All synced flawlessly.

Glad you had an easy go of it. It messed a lot of things up for me and I had to ultimately cobble together a bunch of scripts that would find the mistakes so I could go in and manually correct each one (with like three extra clicks than necessary for each operation because Bitwarden's UI is trash). I think people who only used really basic LastPass features may not have had those problems. But I had LastPass Family with sharing and folders and it was a massive mess because the LastPass export was buggy and then incomplete. And Bitwarden is not able to iterate on fixing imports so you're stuck manually correcting import errors and duplicates. Not to mention that editing and updating in Bitwarden is a real pain in the ass because bulk operations are missing. I was really shocked at how shitty Bitwarden's database tools are when I actually had to try and use them.
That happened to me only because I imported the file twice or three times, thinking records would be overwritten when they completely matched. Oh, and because it also imported deleted (but not flushed/emptied out) entries, which in hindsight I found to be a good practise. Aside from that, importing was straightforward and categorizing the many uncategorized entries a breeze compared to LastPass.