Use your LastPass usernames and passwords in Safari on your iOS device without paying for a LastPass Premium subscription. Using a bit of scripting, you can roll-your-own Last Pass freemium without paying a dime!
That said, it is far from perfect (see caveats below), but it is a great way to have access to your LastPass passwords on iOS without paying for a premium subscription (although, it is reasonably-priced).
This will work best if you have hundreds of accounts and passwords that you want to have in the iCloud Keychain. It automates most of the process.
Explain How It Works In One Sentence
From a .csv file, a script is used to automatically: open each Website, type in the username and password, and click the “Save Password” button, thus, saving the credentials to the iCloud keychain.
Original Attempts and Failures
I first tried importing the exported passwords directly into the Login keychain using the security command and then dragging them over into the iCloud keychain (with the help of a script to type my password in). While this seemed to work at first, it didn’t actually sync the password to iCloud. As it turns out, the iCloud keychain is not a regular keychain file, it is a database. Apple obfuscates this somehow, which seemed too difficult to try to figure out, so instead, I decided it would be easier to add the passwords the way they would normally get added: by logging into Website via Safari.
The problem was that I had about 200 accounts and passwords to import over. The thought of typing in each url, typing in the username, and then pasting in the password, didn’t seem very appealing. So I tried to automate as much as I could. This script will open each URL you have an account for, type in the username and password, and click the save password button. All you need to do is click Log In once the fields are filled and then close the window to move on to the next site.
I basically tried to figure out how a password manager detects login fields and go from there, so there is a lot of room for improvement, but I basically just wanted to automate as much of the process as I could.
- Only works on OS X
- Will not work with every site simply because each site is coded so differently (I was able to get about 75% of my LastPass passwords into iCloud via this script within an hour)
- Manual intervention needed for sites that have some sort of overlay login screen that doesn’t appear when the page first loads
- Manual intervention needed for sites that don’t show the password field until you enter your username and press Enter
If you feel like you want to do this, you do so at your own risk. This isn’t an “app” or production quality software–it is just a little script that I found useful to accomplish a manual task. It’s not meant to be anything more than a crude way to get your passwords into the iCloud keychain. If you are familiar with the command line and comfortable with technology, you can probably figure this out. There isn’t really anything that this script will do that will damage your system, but if it seems like too much, don’t do it.
It would be helpful if you are familiar with LastPass, iCloud, Terminal, and Keychain Access but it’s not required, as I try to walk through each step so most people can understand what to do. But you will need the following:
- A Mac running OS X Mavericks (the only OS I tested this on)
- A LastPass free account
- An Apple ID/iCloud account
Scripts / Downloads Needed
As this is a roll-your-own solution, it won’t work exactly like LastPass Premium so don’t expect perfection, but if you are like me, the free option works “good enough.” You also don’t get any of the other features, this simply tries to get your LastPass passwords onto your iDevice without a LastPass Premium subscription.
- Export LastPass passwords to a .csv file
- Parse the URL, username, and password from the file (script does this)
- Use this information to open a Website and fill in the appropriate fields (script does this)
- Let the user manually click the login button and then close the window once the password is saved
- Passwords should sync to iDevices automatically since they were saved in Safari
- The LastPass binary needs to be installed so that you can export your credentials to a .csv format
- The iCloud Keychain should be enabled (on both the Mac and an iDevice)
- Python osascript is needed for running AppleScript in Python
- tccutil.py (optional)
Verify LastPass Login URLs Are Correct (optional)
You can skip this if you want, but I recommend doing it. Sometimes, when you save a password to LastPass, it saves the URL as the signup URL and not the login URL. So if you go through each entry in your LastPass vault and make sure it opens up the login URL of the site, this process will go much smoother. Unfortunately, this part can also take a while if you have a lot of accounts.
Install Python osascript
Install pip if you don’t have it, which will be used to install Python osascript.
sudo easy_install pip sudo pip install osascript
There are other ways to run applescript in Python, but this method allowed me to copy/paste my Applescript right into the Python script.
Add Apps to the Accessibility Database
This allows the Mac to control the GUI (click buttons and type stuff in so you don’t have to)
You will need to add Terminal to the accessibility database, which will let your computer control your Mac. Just drag-and-drop it in (and make sure the box is checked).
If you try to run the script before allowing Terminal access to assistive devices, you will get a prompt to do so, so save yourself a step and add it in now.
If you are an advanced user or are looking to script this process, just use tccutil.py to add the app to the accessibility database:
Export Your Passwords
- Export your passwords from LastPass to a .csv file by going to Tools > Advanced Tools > Export To > LastPass CSV File from the browser extension
- Download the file to your computer
Modify The Script
Below is a trimmed down version of the script (fully-commented script available here). You will need to edit the script to point to the password file you downloaded (the line to modify is highlighted below).
#!/usr/bin/python #---------IMPORTS----------- import csv from osascript import osascript from os import system #--------VARIABLES---------- cr = csv.reader(open("~/Downloads/exported_passwords.csv","rb")) #---------SCRIPT------------ ############################## def escape_password(password): escaped_password = '' for c in range(0, len(password)): # Escape characters that will cause syntax problems in the script if (password[c] == "\\"): escaped_password+="\\\\" elif (password[c] == '"'): escaped_password+="\\\"" elif (password[c] == "'"): escaped_password+="\\\'" else: escaped_password+=str(password[c]) return escaped_password for idx,row in enumerate(cr): if row == "http://sn": pass else: if row == "username": pass elif row == "password": pass elif row == "name": pass else: username = row password = row fixed_password = escape_password(password) url = row server = row print str(idx) + ": " + server print username print password osascript(''' on open_url(address) tell application "Safari" close every window activate open location address end tell end open_url on wait_for_page_to_load() delay 0.5 tell application "Safari" repeat set thePage to source of document in window 1 if thePage contains "</html>" then return true exit repeat else delay 0.5 end if end repeat end tell end wait_for_page_to_load on fill_in_fields(username, passwd) tell application "System Events" tell process "Safari" repeat until not (exists window 1) set allUIElements to entire contents of window 1 repeat with anElement in allUIElements try if role description of anElement is "text field" then set value of anElement to username else if role description of anElement is "secure text field" then set value of anElement to passwd end if end try end repeat try click button "Save Password" of sheet 1 of window 1 end try end repeat end tell end tell end fill_in_fields open_url("%(url)s") wait_for_page_to_load() fill_in_fields("%(username)s", "%(fixed_password)s") ''' % locals())
- Save the script as lp2icloud.py after you have modified it
Make The Script Executable
- Open Terminal and run this command (modifying the path as necessary)
chmod 755 ~/Downloads/lp2icloud.py
Run The Script
Now the fun begins! The script will check the first entry in your password file and open the corresponding URL. It will attempt to enter the username and password for you. The only two things you need to do are:
- Click the login or sign in button
- Close the window to move on to the next site in the file
I would set the screen up so the browser is on one half and Terminal on the other, so you can see the progress of the script and easily copy/paste your passwords if the script didn’t do it for you.
Be patient on some sites as is continually looking for text fields to fill in and can’t always find them right away. If your username and password did not get entered automatically, it appears in the output of Terminal so that you can copy and paste it in. Then just click login, close the window, and the next site will open up.
You can stop the script at any time by typing Ctrl+C in Terminal. However, it will restart from the beginning of the file the next time you start.
Safari is not asking to save passwords
- Go to Safari > Preferences > Passwords tab, and make sure Autofill usernames and passwords is checked
Passwords are not showing up on iOS
- Go to Settings > Safari > Passwords & AutoFill and make sure that Names and Passwords is on
- Make sure Private Browsing is turned off as passwords won’t autofill in this mode
- Some sites may redirect to a different URL on a mobile device, and if the password is tied to a different URL, it might not work
All Commands for Advanced Users
sudo easy_install pip sudo pip install osascript chmod 755 ~/Downloads/lp2icloud.py sudo mv ~/Downloads/tccutil-1.0/tccutil.py /usr/sbin sudo chmod 755 /usr/sbin/tccutil.py sudo /usr/sbin/tccutil.py -i com.apple.Terminal ~/Downloads/lp2icloud.py