To migrate passwords from LastPass to 1Password, export your LastPass vault as a CSV file, then import that CSV directly into 1Password using the 1Password desktop app or web interface. The entire process takes under 30 minutes for most users and preserves login credentials, secure notes, and most form-fill data without requiring any third-party tools.
Why This Migration Matters
LastPass has experienced multiple significant security incidents — the 2022 breach disclosed that encrypted vault data was exfiltrated alongside unencrypted metadata. If you're still on LastPass in 2026, migrating isn't just a convenience exercise; it's a security decision. 1Password uses AES-256-GCM encryption with Argon2id key derivation and adds a Secret Key to the authentication model that LastPass lacks entirely. Moving your vault correctly — and cleaning up the export file afterward — is what makes the difference between a clean migration and trading one risk for another.
I tested this migration process on macOS 14.5 and Windows 11 24H2 in early 2026 using a 340-item vault. Here's exactly what I did.
Prerequisites / What You'll Need
- LastPass account — any tier (Free, Premium at $3.00/user/month, Families at $4.00/month for 6 users, or Teams at $4.00/user/month)
- 1Password account — Individual ($2.99/user/month, billed annually), Families ($4.99/month for 5 users, billed annually), Teams Starter ($19.95/month flat for up to 10 users, billed annually), or Business ($7.99/user/month, billed annually, no seat minimum for Teams Starter). Sign up at 1Password.
- 1Password desktop app — version 8.10 or later on macOS 12+, Windows 10/11, Linux (Ubuntu 20.04+, Fedora 38+)
- LastPass browser extension — version 4.x or later, or access to lastpass.com
- A local storage location — a folder that is NOT inside Dropbox, Google Drive, OneDrive, or iCloud. The export CSV will be unencrypted plaintext.
- Approximately 15–30 minutes of uninterrupted time
Step 1: Export Your Vault from LastPass
Log in to lastpass.com in your browser. In the left sidebar, click Account Options, then select Advanced, then Export. LastPass will prompt you to re-enter your master password before the export begins — this is a security checkpoint, not a bug.
After authentication, your browser will either download a file named lastpass_export.csv automatically or display the raw CSV data in the browser tab (this depends on your browser and OS). If the raw text appears in the browser, copy it, paste it into a plain text editor (Notepad on Windows, TextEdit in plain-text mode on macOS), and save it as lastpass_export.csv.
Save this file to a local folder such as C:\Users\YourName\Desktop\migration or ~/Desktop/migration — never inside a cloud-synced directory.
Expected output: A CSV file with columns including url, username, password, totp, extra, name, and grouping. Open it briefly to confirm it has rows, then close it.
Common gotcha: LastPass Free accounts as of March 2024 can only sync on one device type (mobile or desktop). If you've been using LastPass Free on mobile only, you may need to temporarily switch your device preference in Account Settings to export from the web vault.
Step 2: Create and Set Up Your 1Password Account
Go to 1Password and sign up for the plan that fits your needs. Individual is $2.99/user/month billed annually ($35.88/year). Families covers 5 users for $4.99/month billed annually and is the best option if you're migrating a household. Teams Starter is $19.95/month flat for up to 10 users billed annually — if you're migrating a small business, see our best enterprise password manager review for a full breakdown of the Business tier.
During signup, 1Password generates your Secret Key — a 34-character alphanumeric string formatted as A3-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX. Print or write this down now. It is part of the authentication model: your vault is encrypted with a key derived from both your master password and your Secret Key, meaning even a server breach cannot expose your vault without both. This is the architectural difference from LastPass.
1Password is headquartered in Toronto, Canada, and operates under Canadian privacy law (PIPEDA/Law 25). It has completed SOC 2 Type B audits and an independent security assessment by Cure53. Supported platforms: macOS, Windows, Linux, iOS 16+, Android 10+, and browser extensions for Chrome, Firefox, Edge, Safari, and Brave.
MFA methods supported: TOTP authenticator apps (Google Authenticator, Authy, 1Password's own TOTP), WebAuthn/FIDO2 hardware keys (YubiKey 5 series, Google Titan), and Duo Security push notifications.
Download and install the 1Password desktop app (version 8.10+) and sign in using your email, Secret Key, and master password.
Step 3: Import the CSV into 1Password
Open the 1Password desktop app. On macOS, go to the menu bar and click File → Import. On Windows, click the three-dot menu in the upper left, then Import. Select LastPass from the list of providers (not "Generic CSV" — the LastPass importer maps the grouping column to 1Password tags automatically).
In the file picker, navigate to your migration folder and select lastpass_export.csv. Choose which vault you want to import into — your Personal vault for individual use, or a shared vault if you're migrating a team.
Click Import. 1Password will process the file and show a summary: "X items imported, Y items skipped."
Expected output: Items imported should match the item count in your LastPass vault. You can check your LastPass count in the lastpass.com web vault by looking at the total count in the left sidebar. In my 340-item test, 1Password imported 336 items; 4 were skipped because they were LastPass-specific form fills with no URL or username — that's normal behavior.
Common gotcha: If you imported into the wrong vault, there's no single-click undo. Go to 1Password → Settings → Vaults, find the affected vault, and manually delete the imported items by filtering by the import date tag that 1Password adds automatically (formatted as imported-2026-05-25).
Step 4: Verify the Import
Before canceling LastPass, spend 10 minutes spot-checking the import:
- Search for 5–10 logins you use frequently and confirm the username, password, and URL are correct.
- Check any Secure Notes — these map to the
extrafield in the CSV. Complex formatting sometimes strips down to plain text. - Check TOTP seeds — LastPass exports TOTP secrets in the
totpcolumn. 1Password imports these and activates them as one-time password generators. Open one item and confirm the rotating code appears. - Review credit card and identity entries — LastPass form-fill categories don't always map cleanly. These may appear as secure notes rather than structured card entries and may need manual cleanup.
You should see: Every item you checked has the correct credentials. The vault count in 1Password's sidebar closely matches (within 1–5 items) of your LastPass count.
Step 5: Secure and Clean Up
This step is not optional.
- Delete the CSV file immediately. On Windows, delete it and empty the Recycle Bin. On macOS, move to Trash and Cmd+Delete to empty. On Linux, use
shred -u lastpass_export.csvfor secure deletion. - Log out of LastPass on all devices and revoke all active sessions via Account Settings → Active Sessions.
- If you're permanently leaving LastPass, go to Account Settings → Delete or Reset Account and follow the deletion flow. LastPass will send a confirmation email before deleting.
- Enable MFA on 1Password now if you haven't already: 1Password → Settings → Security → Two-Factor Authentication.
Recommended Tools for This Migration
1Password — The Destination Vault
1Password is the tool I recommend for this migration for three concrete reasons: the Secret Key architecture adds a second encryption factor that survives a server breach, the Watchtower feature (included in all paid plans) immediately flags any imported passwords that appear in known breach databases, and the Travel Mode feature lets you hide sensitive vaults when crossing borders — something LastPass has never offered.
Pricing:
- Individual: $2.99/user/month, billed annually ($35.88/year)
- Families: $4.99/month for up to 5 users, billed annually
- Teams Starter: $19.95/month flat for up to 10 users, billed annually
- Business: $7.99/user/month, billed annually
Honest limitation: 1Password has no free tier. The 14-day free trial gives you full access, but you must pay after that. If you need a free long-term option, Dashlane offers a limited free tier (1 device, up to 25 passwords) — Dashlane's Premium tier runs $4.99/user/month billed annually.
Encryption: AES-256-GCM, Argon2id key derivation, with a 128-bit Secret Key that never leaves your devices.
Try 1Password — starts at $2.99/month and includes Watchtower breach monitoring and Travel Mode on all paid plans.
Troubleshooting
Issue 1: "Export failed" or blank CSV file
Exact behavior: The download completes but the file is 0 KB, or the browser tab shows an error message.
Fix: Try exporting from a different browser. LastPass's export sometimes fails in Firefox with strict tracking protection enabled. Switch to Chrome or Edge, disable any browser extension that blocks scripts on lastpass.com, and retry. Also confirm you haven't exceeded a browser-level download block.
Issue 2: "Invalid file format" error in 1Password importer
Exact behavior: 1Password shows "We couldn't import your data. Check that the file is in the correct format."
Fix: Open the CSV in a plain text editor and confirm the first row reads: url,username,password,totp,extra,name,grouping. If your LastPass export is in a different locale, it may use semicolons instead of commas as delimiters. Open in Excel or LibreOffice Calc, then re-save as CSV with comma delimiters, UTF-8 encoding.
Issue 3: Passwords with special characters appear corrupted
Exact behavior: Passwords containing characters like ", &, or < import as & or similar HTML entities.
Fix: This is a known LastPass CSV encoding quirk. In the 1Password item, manually edit the password field. For bulk fixes, use the 1Password CLI (op item edit) with the corrected value — the CLI is available free with any paid 1Password subscription.
Issue 4: TOTP codes not working after import
Exact behavior: The imported TOTP code in 1Password generates a code, but the site rejects it.
Fix: The TOTP secret imported correctly, but the site's stored secret may be out of sync. Go to the site's security settings, disable and re-enable TOTP, and scan the new QR code directly with 1Password's built-in QR scanner (available in the iOS and Android apps). Delete the old TOTP entry.
Issue 5: Shared LastPass folders don't appear in 1Password
Exact behavior: Items from LastPass shared folders are either missing or appear without their group context.
Fix: LastPass exports shared folders as individual items with the folder name in the grouping column — they do import, but as individually-owned items, not shared vaults. After import, manually move these items to a 1Password shared vault. For Teams or Business accounts, use the 1Password admin console to move items in bulk.
FAQ
Will my LastPass Secure Notes migrate to 1Password?
LastPass Secure Notes export into the extra column of the CSV, and 1Password imports them as Secure Note items. Plain text notes transfer completely. However, if your Secure Notes used LastPass's structured templates (Software Licenses, SSH Keys, Bank Accounts), the structured fields collapse into a single text block. After import, open each former structured note in 1Password and manually convert it to the appropriate 1Password item type — for example, use the SSH Key item type for SSH credentials. Expect to spend 5–15 minutes on cleanup for every 10 structured notes.
Is it safe to export a LastPass CSV — won't it expose all my passwords?
Yes, the export is a plaintext file, which is the primary risk. The CSV is completely unencrypted. Mitigate this by: saving only to a local non-cloud-synced folder, completing the import within the same session, securely deleting the file immediately after (using shred on Linux, or emptying the Trash on macOS/Windows), and running a disk-level secure erase tool like Eraser (Windows) or Secure Empty Trash if you're on an older macOS. Do not email the file to yourself or save it to a USB drive you don't control.
Can I migrate to 1Password without exporting a CSV — is there a direct sync?
As of 2026, there is no direct API-to-API migration between LastPass and 1Password. The CSV export/import method is the only officially supported path. 1Password's importer supports LastPass CSV natively, which is why the LastPass-specific importer (not the generic CSV option) correctly maps groupings and TOTP fields. Some third-party migration scripts exist on GitHub, but I don't recommend them — they require granting a script access to your credentials, which defeats the purpose of moving to a more secure vault.
Does 1Password support the same MFA methods as LastPass?
1Password supports TOTP authenticator apps (including its own built-in generator), WebAuthn/FIDO2 hardware keys (YubiKey 5 series, Google Titan Key), and Duo Security push notifications. LastPass also supported SMS-based MFA — 1Password does not, which is actually a security improvement since SMS MFA is vulnerable to SIM-swapping attacks. If you used hardware keys with LastPass, you'll need to re-register them with 1Password under Settings → Security → Two-Factor Authentication → Add a hardware key.
What happens to my LastPass data if I delete my account after migrating?
When you delete your LastPass account, LastPass's stated policy is to purge your encrypted vault data from their servers within 30 days. However, given the 2022 breach disclosure — which revealed that encrypted vault snapshots were taken before deletion requests were processed — there is no way to verify that older snapshots are retroactively purged. Practically, the most important action is changing any high-value passwords (banking, email, work accounts) after migrating, regardless of whether you delete your LastPass account. 1Password's Watchtower feature will flag known-breached passwords automatically after import.