Roll-your-own LastPass Premium

Use your LastPass usernames and passwords in Safari on your iOS device without paying for a LastPass Premium subscription.  Using a bit of scripting, you can roll-your-own Last Pass freemium without paying a dime!

That said, it is far from perfect (see caveats below), but it is a great way to have access to your LastPass passwords on iOS without paying for a premium subscription (although, it is reasonably-priced).

This will work best if you have hundreds of accounts and passwords that you want to have in the iCloud Keychain.  It automates most of the process.

Explain How It Works In One Sentence

From a .csv file, a script is used to automatically: open each Website, type in the username and password, and click the “Save Password” button, thus, saving the credentials to the iCloud keychain.

loginexample

savepwd example

Original Attempts and Failures

I first tried importing the exported passwords directly into the Login keychain using the security command and then dragging them over into the iCloud keychain (with the help of a script to type my password in).  While this seemed to work at first, it didn’t actually sync the password to iCloud.  As it turns out, the iCloud keychain is not a regular keychain file, it is a database.  Apple obfuscates this somehow, which seemed too difficult to try to figure out, so instead, I decided it would be easier to add the passwords the way they would normally get added: by logging into Website via Safari.

The problem was that I had about 200 accounts and passwords to import over.  The thought of typing in each url, typing in the username, and then pasting in the password, didn’t seem very appealing.  So I tried to automate as much as I could.  This script will open each URL you have an account for, type in the username and password, and click the save password button.  All you need to do is click Log In once the fields are filled and then close the window to move on to the next site.

Caveats

I basically tried to figure out how a password manager detects login fields and go from there, so there is a lot of room for improvement, but I basically just wanted to automate as much of the process as I could.

  • Only works on OS X
  • Will not work with every site simply because each site is coded so differently (I was able to get about 75% of my LastPass passwords into iCloud via this script within an hour)
  • Manual intervention needed for sites that have some sort of overlay login screen that doesn’t appear when the page first loads
  • Manual intervention needed for sites that don’t show the password field until you enter your username and press Enter

Disclaimer

If you feel like you want to do this, you do so at your own risk.  This isn’t an “app” or production quality software–it is just a little script that I found useful to accomplish a manual task.  It’s not meant to be anything more than a crude way to get your passwords into the iCloud keychain.  If you are familiar with the command line and comfortable with technology, you can probably figure this out.  There isn’t really anything that this script will do that will damage your system, but if it seems like too much, don’t do it.

Requirements

It would be helpful if you are familiar with LastPass, iCloud, Terminal, and Keychain Access but it’s not required, as I try to walk through each step so most people can understand what to do.  But you will need the following:

  1. A Mac running OS X Mavericks (the only OS I tested this on)
  2. A LastPass free account
  3. An Apple ID/iCloud account

Scripts / Downloads Needed

  1. lp2icloud.py
  2. tccutil.py (optional–for advanced users to add apps to the Accessibility database)

Step-by-step Walkthrough

As this is a roll-your-own solution, it won’t work exactly like LastPass Premium so don’t expect perfection, but if you are like me, the free option works “good enough.”  You also don’t get any of the other features, this simply tries to get your LastPass passwords onto your iDevice without a LastPass Premium subscription.

Conceptual Overview

  1. Export LastPass passwords to a .csv file
  2. Parse the URL, username, and password from the file (script does this)
  3. Use this information to open a Website and fill in the appropriate fields (script does this)
  4. Let the user manually click the login button and then close the window once the password is saved
  5. Passwords should sync to iDevices automatically since they were saved in Safari

Verify Pre-requisites

Verify LastPass Login URLs Are Correct (optional)

You can skip this if you want, but I recommend doing it.  Sometimes, when you save a password to LastPass, it saves the URL as the signup URL and not the login URL.  So if you go through each entry in your LastPass vault and make sure it opens up the login URL of the site, this process will go much smoother.  Unfortunately, this part can also take a while if you have a lot of accounts.

Install Python osascript

Install pip if you don’t have it, which will be used to install Python osascript.

sudo easy_install pip
sudo pip install osascript

There are other ways to run applescript in Python, but this method allowed me to copy/paste my Applescript right into the Python script.

Add Apps to the Accessibility Database

This allows the Mac to control the GUI (click buttons and type stuff in so you don’t have to)

You will need to add Terminal to the accessibility database, which will let your computer control your Mac.  Just drag-and-drop it in (and make sure the box is checked).

terminialaccessibility

If you try to run the script before allowing Terminal access to assistive devices, you will get a prompt to do so, so save yourself a step and add it in now.

terminalrequest

If you are an advanced user or are looking to script this process, just use tccutil.py to add the app to the accessibility database:

Export Your Passwords

  1. Export your passwords from LastPass to a .csv  file by going to Tools > Advanced Tools > Export To > LastPass CSV File from the browser extensionlaspasscsvexport
  2. Download the file to your computer

Modify The Script

Below is a trimmed down version of the script (fully-commented script available here).  You will need to edit the script to point to the password file you downloaded (the line to modify is highlighted below).

#!/usr/bin/python
#---------IMPORTS-----------
import csv
from osascript import osascript
from os import system

#--------VARIABLES----------
cr = csv.reader(open("~/Downloads/exported_passwords.csv","rb"))

#---------SCRIPT------------
##############################
def escape_password(password):
	escaped_password = ''
	for c in range(0, len(password)):
		# Escape characters that will cause syntax problems in the script
		if (password[c] == "\\"):
			escaped_password+="\\\\"
		elif (password[c] == '"'):
			escaped_password+="\\\""
		elif (password[c] == "'"):
			escaped_password+="\\\'"																	
		else:
			escaped_password+=str(password[c])
	return escaped_password


for idx,row in enumerate(cr):
	if row[0] == "http://sn":
		pass
	else:
		if row[1] == "username":
			pass
		elif row[2] == "password":
			pass		
		elif row[4] == "name":
			pass
		else:
			username = row[1]
			password = row[2]
			fixed_password = escape_password(password)
			url = row[0]
			server = row[4]
			print str(idx) + ":	" + server
			print username
			print password
			osascript('''
			on open_url(address)
			tell application "Safari"
				close every window
				activate
				open location address
			end tell
			end open_url



			on wait_for_page_to_load()
			delay 0.5
			tell application "Safari"
			repeat
				set thePage to source of document in window 1
				if thePage contains "</html>" then
					return true
					exit repeat
				else
					delay 0.5
				end if
			end repeat
			end tell
			end wait_for_page_to_load




			on fill_in_fields(username, passwd)
			tell application "System Events"
				tell process "Safari"
					repeat until not (exists window 1)
					set allUIElements to entire contents of window 1
					repeat with anElement in allUIElements
					try
						if role description of anElement is "text field" then
							set value of anElement to username
						else if role description of anElement is "secure text field" then
							set value of anElement to passwd
						end if
					end try
					end repeat
					
					try
						click button "Save Password" of sheet 1 of window 1
					end try
					end repeat
				end tell
			end tell
			end fill_in_fields
	
	
	
	
			open_url("%(url)s")
			wait_for_page_to_load()
			fill_in_fields("%(username)s", "%(fixed_password)s")

			''' % locals())

 

  1. Save the script as lp2icloud.py  after you have modified it

Make The Script Executable

  1. Open Terminal and run this command (modifying the path as necessary)
chmod 755 ~/Downloads/lp2icloud.py

Run The Script

Now the fun begins!  The script will check the first entry in your password file and open the corresponding URL.  It will attempt to enter the username and password for you.  The only two things you need to do are:

  1. Click the login or sign in button
  2. Close the window to move on to the next site in the file

I would set the screen up so the browser is on one half and Terminal on the other, so you can see the progress of the script and easily copy/paste your passwords if the script didn’t do it for you.

screensetup

Be patient on some sites as is continually looking for text fields to fill in and can’t always find them right away.  If your username and password did not get entered automatically, it appears in the output of Terminal so that you can copy and paste it in.  Then just click login, close the window, and the next site will open up.

You can stop the script at any time by typing Ctrl+C in Terminal.  However, it will restart from the beginning of the file the next time you start.

Troubleshooting

Safari is not asking to save passwords

  • Go to Safari > Preferences > Passwords tab, and make sure Autofill usernames and passwords is checked

Passwords are not showing up on iOS

  • Go to Settings > Safari > Passwords & AutoFill and make sure that Names and Passwords is on
  • Make sure Private Browsing is turned off as passwords won’t autofill in this mode
  • Some sites may redirect to a different URL on a mobile device, and if the password is tied to a different URL, it might not work

Appendix

All Commands for Advanced Users

sudo easy_install pip
sudo pip install osascript
chmod 755 ~/Downloads/lp2icloud.py
sudo mv ~/Downloads/tccutil-1.0/tccutil.py /usr/sbin
sudo chmod 755 /usr/sbin/tccutil.py
sudo /usr/sbin/tccutil.py -i com.apple.Terminal
~/Downloads/lp2icloud.py

Leave a Reply