Passkeys Are Getting a Big Improvement
Credit: Getty Images / Unsplash+
Toggle Dark Mode
While passkeys have already allowed many websites and password managers to move us into a more secure future without traditional passwords, the technology has one glaring limitation: there’s no standard way to transfer your passkeys between platforms.
For instance, while Apple’s new Passwords app in iOS 18 and macOS Sequoia has native support for passkeys, folks who want to move over from a third-party password manager like 1Password have no easy way of bringing those passkeys over. Unlike passwords, passkeys can’t be exported from 1Password, and the same is true for most other password managers.
That currently leaves folks who want to switch password managers with no choice but to visit each site where they use a passkey and create a new one in their password manager of choice — a time-consuming process that also risks leaving some behind if they’re not careful.
To be fair, it’s not entirely the fault of the companies developing password managers. Passkeys are complex, and the FIDO Alliance, which is responsible for the standard, hasn’t created a standard way of exchanging passkeys between platforms. There’s little point for developers to cobble together their own formats for importing and exporting passkeys unless those files are interoperable with other password managers. Plus, passkeys are supposed to be much more secure than passwords, and there’s the problem of passkeys becoming easily compromised if this isn’t done right.
Thankfully, that’s about to change. This week, the FIDO Alliance announced a new draft specification for secure credential exchange that will allow passkeys to be securely moved between different password managers and other platforms.
While the spec is still in its draft stages, which means it will be at least a few months before we see it come to fruition, we can be pretty confident that all the big players will be on board. That’s because the spec was created by the FIDO Alliance’s Credential Provider Special Interest Group, whose membership consists of 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom.
With this rising momentum, the FIDO Alliance is committed to enabling an open ecosystem, promoting user choice and reducing any technical barriers around passkeys. It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden. Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear.FIDO Alliance
The new specifications are the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) and define a standard for transferring not only passkeys between password managers but also traditional passwords and other credentials — and doing so in a secure manner so that they can’t be intercepted in transit.
Both 1Password and Dashlane have already committed to adopting the spec as soon as it’s finalized, which isn’t surprising given that they helped draft the new standard.
These specifications provide a universal format and secure mechanism for transferring all kinds of credentials. That includes passkeys, traditional passwords, and everything else typically handled using a CSV file.Nick Steele, 1Password
At this stage, the specifications still need to be examined by security researchers and other industry experts. They’re in a review and comment period right now and will likely undergo several changes before they’re fully approved, as feedback is received and necessary adjustments are made to improve security.
