Password Manager Migration
Password Manager Migration Checklist: How To Switch Password Managers Safely
A password manager migration checklist keeps the move calm: verify recovery first, import in the right order, clean the vault, then retire old password sources after the new setup actually works.
The Short Version
When you switch password managers, the risky part is not clicking import. The risky part is losing recovery access, keeping export files around, importing duplicate junk, or forgetting that browser autofill still has old passwords saved.
Start with the free password manager migration checklist if you want a local plan you can copy or export without entering real passwords, account names, master passwords, or vault files.
Practical default
Treat password manager migration as a recovery project first and a cleanup project second. Import only after you can recover the accounts that unlock everything else.
Password Manager Migration Checklist
Phase 1
Prepare before exporting
- List every current source: browser autofill, old password manager, notes, device keychains, shared docs, and work vaults.
- Confirm recovery for primary email, device ecosystem, banking, and the old password manager before moving anything.
- Choose the destination vault settings: master password, 2FA, trusted devices, emergency access, and shared-vault structure.
Phase 2
Export and import carefully
- Export only on a trusted device, keep the file local, and delete the export after the import is verified.
- Import high-control accounts first: email, password manager, device ecosystem, banking, work admin, and developer accounts.
- Keep old vault access until you verify sign-in, recovery, and 2FA for the most important accounts.
Phase 3
Clean the vault
- Merge duplicates, remove dead accounts, and rename vague entries so future recovery is less chaotic.
- Replace reused, weak, and shared passwords before treating the migration as done.
- Move recovery codes and sensitive notes into the right vault location instead of leaving loose copies around.
Phase 4
Lock down the new setup
- Turn off browser saving where the new manager should be the source of truth.
- Add passkeys to accounts that support them, but keep recovery paths documented before removing fallbacks.
- Schedule a follow-up audit for stale exports, abandoned vaults, shared access, and emergency recovery.
Use A Safer Import Order
The best password manager migration starts with accounts that control other accounts. Low-risk shopping logins can wait. Recovery, money, identity, and work admin accounts deserve a slower pass.
| Group | Examples | Why it goes here |
|---|---|---|
| Control accounts | Primary email, device ecosystem account, old password manager | These accounts can reset or unlock everything else. |
| Money and identity | Banking, payments, taxes, healthcare, identity providers | They need verified recovery and strong 2FA before cleanup. |
| Work and admin | Work email, cloud admin, developer tools, shared services | Shared ownership and offboarding mistakes create real risk. |
| Daily apps | Shopping, subscriptions, social, forums, newsletters | These are good places to remove duplicates and rotate reused passwords. |
After You Switch Password Managers
A clean import is only the middle of the job. Use a password policy generator to write down how master passwords, 2FA, shared vaults, recovery, passkeys, exports, and reviews should work in the new setup.
If you plan to add passkeys during the migration, run a passkey readiness checklist before removing password fallback. Passkeys are excellent when recovery is ready, but stressful when a trusted device is missing.
Do Not Paste Secrets Into Migration Pages
Use categories and checklists only. Never paste real passwords, exported CSV files, master passwords, recovery keys, backup codes, identity numbers, or account names into a web checklist.
Related Migration Tools
Password Manager Migration Checklist
Build a local phased plan without entering real passwords, account names, or vault exports.
Password Policy Generator
Write rules for master passwords, shared vaults, passkeys, 2FA, rotation, and recovery.
Passkey Readiness Checklist
Check devices, recovery, shared accounts, and fallback methods before moving accounts to passkeys.
Add Friction To The Passwords That Still Matter
Passlock stores passwords in macOS Keychain and adds intentional friction with time locks, word challenges, and partner keys. It is useful for sensitive passwords you do not want to unlock on autopilot after the migration.
FAQ
What is a password manager migration checklist?
A password manager migration checklist is a phased plan for moving from browser autofill, spreadsheets, notes, or an old vault into a new password manager. It covers preparation, export, import, cleanup, recovery, and follow-up checks.
What should I do before I switch password managers?
Verify recovery for primary email, the old password manager, device accounts, banking, and work admin accounts. Set up the new manager's master password, 2FA, trusted devices, emergency access, and shared-vault rules before importing.
Should I delete the old password manager right after importing?
No. Keep the old vault until critical accounts have been tested in the new manager, 2FA and recovery are verified, duplicate entries are cleaned, and any export files have been securely deleted.
How do passkeys fit into a password manager migration?
Add passkeys after the new vault and recovery plan are stable. Passkeys can reduce password risk, but you still need trusted devices, backup access, and clear ownership for shared or work accounts.