As passkeys represent the most successful effort to kill traditional passwords to date, the tech industry is trying to fix one drawback with the technology by making it possible to export and import passkeys from one platform to another.
On Monday, the FIDO Alliance—an association made up of the top tech companies—announced a new industry effort to “securely move passkeys” across providers and revealed draft specifications for a new protocol and format to exchange passkey data.
“Secure credential exchange is a top priority for the alliance because it can enhance user experience and until now, there has been no safe way to transfer this information between vendors,” the alliance said.
Users can already create passkeys using software from Apple, Google, and Microsoft, in addition to password managers. And ideally, you’d be able to share and sync the same collection of keys across platforms. But currently, passkeys are confined to each company’s software ecosystem, which can force users to create duplicate keys for a single login.
To address this restriction, a passkey on one device can be used to unlock access on another through the use of QR codes. But now, the FIDO Alliance is trying to make true interoperability a reality with the aim of “reducing any technical barriers” around passkey technology. “It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden,” the association added.
The draft specifications focus on ensuring that any import or export of passkeys is encrypted, in contrast to moving passwords from one platform to another, which usually involves displaying them in plain text within a CSV file. At the same time, the specifications will need to prevent hackers from abusing the interoperability to steal passkeys.
It’ll take time for the alliance to cement the specifications for commercial adoption. But once standardized, “these specifications will be open and available for credential providers to implement so their users can have a secure and easy experience when and if they choose to change providers,” the FIDO Alliance said.
The association is accepting feedback on the draft specifications through GitHub. Companies including 1Password, Bitwarden and Google, among others, helped contribute to the specifications.
In a blog post, 1Password added: “These specifications provide a universal format and secure mechanism for transferring all kinds of credentials. That includes passkeys, traditional passwords, and everything else typically handled using a CSV file.”