Move Your Passwords from Bitwarden to KeePass on Mac or iPhone

Moving to KeePass from Bitwarden can provide many benefits. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You can use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac, Linux and Windows computers.

There are many more reasons to switch to KeePass, see here for just a few.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app on your iPhone iPad or Mac.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Step 1: Exporting from Bitwarden

  1. Go to Bitwarden on the web and unlock your vault normally found here https://vault.bitwarden.com/.
  2. Click Tools in the top menu bar and choose Export Vault (see Screenshot below).
  3. Make sure you select JSON as the File Format and click Confirm Format.
  4. You will be asked to re-enter your master password. Do so and then click Export Vault.
  5. Save the resulting JSON file in a convenient location available for step 2 below.
Bitwarden Export

Step 2: Import Bitwarden JSON using Strongbox

Choose from the instructions below depending on whether you’re importing using your Mac or iPhone/iPad…

2a) On your Mac (macOS)
  1. Open Strongbox, and click File > Import > Bitwarden (JSON) menu item – see screenshot below.
  2. Locate and select the Bitwarden JSON file that you exported in Part 1 above. Strongbox will confirm the import was successful.
  3. You now need to set a master password for your new Strongbox database. This can be the same as your old Bitwarden master password if you like.
  4. Lastly, save your new Strongbox database either locally or on your favourite cloud drive.
  5. Check your entries in Strongbox to make sure all of your data has been imported successfully.
strongbox-import-bitwarden
2b) On your iPhone or iPad (iOS)
  1. Move the Bitwarden JSON file that you exported in Part 1 above into a location that can be accessed by your iPhone/iPad.
  2. Open Strongbox and tap the Plus Symbol (+) in the top right of the screen.
  3. Tap More > Bitwarden (JSON)… and follow the on screen instructions
  4. Check your entries in Strongbox to make sure all of your data has been imported successfully.
import-ios-bitwarden

Step 3: Cleanup

  1. Delete the JSON file that you exported from Bitwarden.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

Move Your Passwords from Enpass to KeePass on Mac or iPhone

KeePass offers a number of advantages over Enpass. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You can use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac, Linux and Windows computers.

Transparency

Enpass is closed source. This means that the source code is not available for inspection on open source websites like Github. This does not in and of itself mean that Enpass is doing something suspicious. It’s just not confidence inspiring, and with a tool for managing your most important secrets, we think that’s just not good enough. We always recommend going with Open Source solutions like Strongbox.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app on your iPhone iPad or Mac.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Step 1: Exporting from Enpass

  1. Open Enpass on your Mac and unlock your vault.
  2. Go to the menu bar at the top of your screen and click File > Export.
  3. You will be presented with a sidebar (see screenshot below)
  4. Ensure that the format is .json.
  5. Click on the small Folder icon under Choose Location and select a filename and location to export to.
  6. Click Export.
Enpass Export Side Bar

Step 2: Import Enpass JSON using Strongbox

Choose from the instructions below depending on whether you’re importing using your Mac or iPhone/iPad…

2a) On your Mac (macOS)
  1. Open Strongbox, and click File > Import > Enpass (JSON) menu item – see screenshot below.
  2. Locate and select the Enpass JSON file that you exported in Part 1 above. Strongbox will confirm the import was successful.
  3. You now need to set a master password for your new Strongbox database. This can be the same as your old Enpass master password if you like.
  4. Lastly, save your new Strongbox database either locally or on your favourite cloud drive.
  5. Check your entries in Strongbox to make sure all of your data has been imported successfully.
strongbox-mac-import-enpass
2b) On your iPhone or iPad (iOS)
  1. Move the Enpass JSON file that you exported in Part 1 above into a location that can be accessed by your iPhone/iPad.
  2. Open Strongbox and tap the plus symbol (+) in the top right of the screen.
  3. Tap More > Enpass (JSON)… and follow the on screen instructions
  4. Check your entries in Strongbox to make sure all of your data has been imported successfully.
import-enpass-ios

Step 3: Cleanup

  1. Delete the JSON file that you exported from Enpass.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

Sync Passkeys With Strongbox & KeePass

Use Strongbox to save passkeys in your KeePass database and sync them across your devices.

Contents

What Are Passkeys?

Passkeys are a password replacement that allows you to log in to websites and apps by simply unlocking your device, typically with Face ID, Touch ID or a PIN code.

Passkeys don’t need to be remembered, you rely on Strongbox to remember and protect them on your behalf. They’re resistant to hacks and phishing. They are both highly convenient and highly secure.

It’s still early days for passkeys but they are becoming more widely used every day. Apple, Google, Microsoft, and others have already begun supporting passkeys.

Passkeys replace passwords with cryptographic key pairs. The public key is stored by the service that you’re requesting access to, and the private key is stored on your device (or in your Strongbox database). It’s not possible to reverse engineer the private key from the public key.

If you decided to log into your Google account using a passkey:

  1. Google would first request that you provide proof or a “signature” indicating that you know the private key that corresponds to the public key you used when you registered with Google.
  2. Strongbox checks to see if it possesses a matching private key for the requested public key.
  3. If a matching key is found, a mathematical proof or “signature” is sent to Google. This proof assures Google that you possess the matching private key and then access is granted.

This process is much more secure than simply providing a password, whilst at the same time being faster and easier to use.

Why Use Passkeys?

Passwords Can Be Weak

Weak passwords can be easily hacked or guessed. And if a password is reused across multiple services, one hacked account can lead all of the others to be compromised as well.

Strongbox (and password managers in general) already address these issues by encouraging the creation of strong and unique passwords. That said, many people continue to create weak passwords and reuse them across different websites and apps.

In contrast, passkeys are always strong, they’re never short or simple in the way that a password can be. They’re also unique to a single service. No two passkeys are the same.

Passwords Can Be Stolen

If the server for a website or app you use is hacked and your account password is stolen, attackers can have access to your account immediately.

If, on the other hand, attackers gain access to your passkey’s public key, they are not able to access your account without the corresponding private key which is only stored by Strongbox. The private key is never stored on the servers of the websites and apps you use and it cannot be guessed by obtaining the public key.

Passwords Require Extra Measures To Be Secure

Because of all of the aforementioned issues with passwords, an additional layer of security is often added in the form of multi-factor authentication. A second factor is required in addition to the password, either a time-based one time password (TOTP) code or an in-app approval. This way, even if your password is compromised, a hacker still needs this extra factor to gain access to your account.

This extra protection comes at the cost of convenience. Because of this it’s often not enabled by default and most users do not choose to enable it.

Unlike passwords, passkeys are multifactorial by design:

Passkeys are kept on a user’s devices (something the user “has”) and — if the Relying Party requests User Verification — can only be exercised by the user with a biometric or PIN (something the user “is” or ”knows”). Thus, authentication with passkeys embodies the core principle of multi-factor security.

FIDO Alliance

This means all passkeys automatically benefit from increased security without any extra set up or extra steps when signing in.

Passwords Can Be Phished

Phishing is typically achieved by an attacker creating a fake version of a website that looks very similar to the original. The target of the hack is convinced to enter their password into this fake version of the site, usually after being sent a convincing looking email with a link.

TOTP codes can also be phished in this way. The only difference is that the attacker has to log into the real site simultaneously as their target is being phished. When a TOTP code is requested by the real site, the attacker captures the TOTP code entered by the target on their fake site. This process can be automated and deployed at scale.

SIM swap attacks also allow attackers to obtain SMS codes with relative ease.

Using passkeys makes it much harder for an attacker to impersonate a website because the URL of the site you’re logging into is checked before the private key is used to authenticate. Even if the fake site is visually identically to the original, your browser and device will automatically determine that the URL doesn’t match.

Why Manage Your Passkeys With Strongbox

Data Ownership

Managing your passkeys in Strongbox gives you more control.

When you add a passkey to KeePass database in Strongbox, you can control where that passkey is stored and how it is synced between devices.

Strongbox databases can also be configured to sync using a cloud drive, WebDAV or SFTP, transferred over WiFi, USB, or AirDrop, or be local-only. When you manage your passwords and passkeys with Strongbox, you can decide how you store and back them up, and whether you copy them onto multiple devices and how that transfer is done.

Security

Protect your passkeys with state-of-the-art cryptography, brute force resistant KDFs, YubiKey support, and much more.

And everything can be configured to your exact requirements.

Portability

With Strongbox, you can be confident that you will be able to export your passkeys to a different app in the future if needed. There’s zero lock-in.

And because the default Strongbox databases format is based on the open source KeePass file format, you can access your passkeys in any KeePass compatible app on any platform, including Android, Windows and Linux.

Unfortunately we cannot offer support for passkeys on other database formats, e.g. Password Safe or older KeePass 1 (KDB) based databases, because they don’t offer the flexibility of storing new custom data items. It is relatively straightforward to convert older databases and Password Safe databases to the more flexible and modern KeePass 2 format. We have some guides on our support site for that.

Support for passkeys is coming soon to some major KeePass clients like KeePassXC, with whom we’ve worked to ensure compatibility. We’re hoping other KeePass clients can take advantage of our trail breaking here.

Step-by-Step Instructions

We’ve written a step-by-step guide on how to set up your iPhone, iPad and Mac to create and sign in with passkeys with Strongbox: Use Passkeys With Strongbox

Move Your Passwords from LastPass to KeePass on Mac

KeePass offers a number of advantages over LastPass. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Security

LastPass has a long history of security incidents and data breaches. Most famously, in August 2022, hackers gained access to LastPass user accounts and stole customer’s password vaults, names, IP addresses, phone numbers and billing addresses.

There have been several other attacks dating all the way back to 2011. For instance, in 2021, many LastPass users received emails informing them that their master passwords had been compromised. And in 2015, LastPass’ servers were compromised and attackers were able to access hashed master passwords, cryptographic salts and customer email addresses.

KeePass databases, by comparison, are not stored in a centralised location that’s vulnerable to attack. It gives you control of your data and you decide where it is stored. That could be in a cloud storage provider of your choice, on your own server, or local-only, for the ultimate security. You also have access to more advanced security settings, such as which encryption algorithm to use and whether to use a two-factor authentication method, like a YubiKey and/or a key file.

(The downside of all this control is that there’s no safety net. If you forget your master password, it cannot be recovered!)

Privacy

It was discovered in 2021 that the LastPass Android app includes several third-party trackers embedded in its code. Whilst this is not necessarily an issue, privacy conscious users have good reason to be concerned:

The amount of data does seem to be extensive, revealing information about the device in use, the cell phone carrier, the type of LastPass account, and the user’s Google Advertising ID (used to connect data about the user across apps). It’s enough data to build an extensive profile around the most private information you store.

Josh Hendrickson, Review Geek

Many KeePass apps are open source (such as Strongbox) and their code can be inspected to ensure there are no trackers present.

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You could use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac and Windows computers. Cloud storage drives offer an easy way to sync the changes between different devices, but it’s also possible to use your own server, Wi-Fi transfer or a simple USB cable.

Cost

LastPass offers free and paid tiers. However, some of the more basic features are locked behind a paywall, including being able to sync your password database across multiple devices. There is also no “Lifetime” purchase option available, which means that you are stuck paying for a monthly or yearly subscription for as long as you use their service.

Because KeePass is compatible with many different apps, there are various different prices and payment options available.

There are many KeePass clients that offer basic functionality at no cost. The official KeePass app is one example. You can even extend its feature set via a library of free plug ins.

And, if you’re willing to pay, there are also great KeePass app options with better user interfaces and more advanced features. Features such as Face ID unlocking, browser AutoFill, YubiKey support, automatic backups, WebDAV and SFTP support, and much more.

Whilst LastPass (and other similar services) lock you into their payment model, once you’ve created your KeePass database, you can easily and instantly try different KeePass apps and find which one is right for you.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Pre-Switch Considerations

LastPass vaults can only be exported as CSV files. This means that usernames, emails and passwords are exported, but many other types of data are not.

For instance, it’s not possible to export file attachments from your LastPass vault. That means that you need to manually download these attachments from LastPass and then add them to your KeePass database.

Unfortunately, the same goes for notes, custom fields, addresses and TOTP codes in LastPass. After you’ve imported your LastPass logins to a new KeePass database, you’ll need to go through and manually add these back in.

Step 1 – Export a CSV from LastPass.com

  1. Go to lastpass.com
  2. Log into your account
  3. At the bottom of the left-hand column, click Advanced Options
  4. Under the Manage Your Vault heading, click Export
  5. Open the email from LastPass with the subject ‘LastPass Security Notification: Verify export’
  6. Click the Continue export link in the email to go to another webpage
  7. Go back to your vault on lastpass.com and, once again, click Advanced Options > Export
  8. Enter your LastPass master password
  9. Locate the CSV file that is downloaded to your device (called ‘download.csv)

For more detailed instructions see the guide on LastPass’ website.

Step 2a – Import Using Strongbox on Mac

  1. Open Strongbox on your Mac
  2. Click File (in the menu bar) > Import > LastPass (CSV)…
  3. Locate and select the CSV file that you exported in Part 1 above. Strongbox will confirm the import was successful
  4. You now need to set a master password for your Strongbox database. This can be the same as your old LastPass master password if you like.
  5. Lastly, save your new Strongbox database either locally or on your favourite cloud drive
  6. Check your entries in Strongbox to make sure all of your data has been imported successfully
  7. Delete the CSV file that you had exported from LastPass

Step 2b – Import Using Strongbox on iPhone/iPad

  1. Move your CSV file into a location that can be accessed by your iPhone/iPad
  2. Open Strongbox on your iPhone or iPad
  3. Tap the plus symbol (+) in the top right of the screen
  4. Tap More
  5. Tap LastPass (CSV)…
  6. Follow the instructions to create the new database
  7. Check your entries in Strongbox to make sure all of your data has been imported successfully
  8. Delete the CSV file that you had exported from LastPass

Step 3 – Add Missing Data

You should now have a KeePass database file that contains all of your logins from your old LastPass vault. The entries in your database will include usernames, emails and passwords, but not file attachments, notes, custom fields, addresses and TOTP codes. Unfortunately LastPass does not allow this extra data to be easily exported/imported.

You will need to go through your LastPass vault, manually download attachments and add them to entries in your KeePass database. And you can copy and paste any other information–such as notes and custom fields–that you would like to move across.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com