How to Identify Passwords Migrated from LastPass That Need to be Updated
December 27, 2022
Share this blog
Many business customers have migrated from LastPass to Keeper over the past several years. As a result of recent news surrounding LastPass’ data breach, customers are asking what they should do to ensure passwords migrated from LastPass to Keeper are updated, in case backup files from LastPass that may remain on LastPass’ infrastructure, have been accessed by the attackers.
Business customers who subscribe to the Advanced Reporting & Alerts Module (“ARAM”) and the Compliance Reports module are able to perform a “password aging” report, which can identify passwords that may require updates. The report is executed through the Keeper Commander CLI tool, which is available for Windows, macOS and Linux environments. If you’re a Keeper Business or Enterprise customer who does not currently have ARAM or Compliance Reports, you can activate these features in your Keeper Admin Console.
To run a password aging report, follow the steps below:
1. Ensure ARAM and Compliance Reports are Active
Log in to the Keeper Admin Console as an administrator and visit the “Subscriptions” tab. Ensure your enterprise license includes Advanced Reporting & Alerts, and Compliance Reporting. The password aging report makes use of the audit and compliance data feeds available to customers who subscribe to these services.
If you have any questions regarding the Advanced Reporting & Alerts or the Compliance Reporting modules, please contact your Keeper customer success team or visit the links below.
Keeper Commander is a command-line and SDK interface to Keeper Enterprise. Commander can be used to access and control your Keeper vault, run reports and perform advanced administration. Keeper Commander is an open source project with contributions from Keeper’s engineering team and partners.
The output of the aging report will tell you which record passwords have NOT been updated in the requested time period. The “Last Password Change” column represents the date of the last password change event. The “Record Title” is decrypted locally either using the current user’s private keys or the enterprise key, depending on the level of administrative access. The “Shared” column indicates if the record is shared with other users. The Record URL contains the direct hyperlink to the Web Vault and Record UID that can be used for further investigation.
5. Delete Local Files
After you have run the necessary reports, we recommend deleting any files on disk which contain plaintext reports. The use of the aging report will store a local file in the Keeper Commander working directory called sox_<ID>.db which is an SQLite file that contains encrypted data used during the generation of the report. We recommend deleting this file from the filesystem once you are finished analyzing data.
If you have any questions or need help, please email us at email@example.com.
Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.
Get the latest cybersecurity news and updates sent straight to your inbox
Share this blog
You May Also Like
2023 Keeper Retrospective: A Year of Growth, Innovation and Appreciation
As we conclude a record-breaking year of growth at Keeper Security, I believe it’s important to take time to reflect on our achievements and appreciate the people who helped make 2023 a special year. Keeper experienced...