Time to upgrade from saving account logins and passwords in a single Safari browser and moving into a cloud-based password locker like LastPass so that account info can be securely accessed from multiple devices and multiple locations.

Found this help MacWorld article “How to migrate browser-stored passwords to a password  [ed.note: I couldn’t get this to work, but your mileage may vary]:

1Password can natively import a few text formats, like comma-separated values and LastPass exports. But it doesn’t include any tools for importing from Safari or from Keychain Access. Instead, a 1Password user has created documentation for iCloud Keychain exporting and a script that converts many password-storage formats into one compatible with 1Password.

1) Use Keychain Access on OS X to create a new keychain. User will be asked to select a password for the new keychain. In my testing it was critical that this be the same as my login password for OS X.

2) Use copy/paste to populate the new keychain with about 160 records from iCloud into the new keychain. This is actually kind of complicated because it involves all the metadata for each account, not just the password. cmd-c and cmd-v won’t do the job. I had to go through and select the records I wanted, then right-click and choose “Copy 160 items,” then go to the new keychain, right-click, and choose “past 160 items.”

3) Then comes hardest part. Either one endures the maddening series of entering the keychain password and clicking “OK” 160 times in a row, or editing and learning to use the applescript provided by another forum user. I chose the latter, and repeat the script here for completeness:

tell application “System Events”
repeat while exists (processes where name is “SecurityAgent”)
tell process “SecurityAgent”
set value of text field 1 of window 1 to “password”
click button “OK” of window 1
end tell
delay 0.2
end repeat
end tell

To use this script, the user can open the OS X application “Script Editor.” Paste the lines above into the editor, and substitute the word “password” with the user’s login password.

After I right-clicked and selected “paste 160 items,” I had to go to the open Script Editor window and click the triangular “Play” button. Then watch as my obscured login password was entered followed by a click on the “OK” button 160 times. Took less than a minute.

4) After closing Keychain access, in the OS X the command line, i typed

security dump-keychain -d new.keychain > keychain.txt

note that “new.keychain” must be replaced with whatever the user chooses as a name to hold the credentials being transferred.

5) Convert and import the keychain.txt file as per the convert_to_1p4 README file (use the keychain.txt file, or whatever you call it, as the name of the to-be-converted file instead of pm_export.txt).

Advertisements