by diggan 347 days ago
> The only way passkeys make sense is in terms of vendor lock in.

This is what I've figured as well, and even if my password manager claims "eventually we'll support it, once it's available" (https://blog.1password.com/fido-alliance-import-export-passk...), I've been putting it off until the implementation is actually in place.

But the question is when that'll be. Last I've heard about the whole "Risk of lock-in from export blocking" is:

> The general vibe is supportive and language has been added to this effect, though it looks like we haven't done a public working draft in some time so I don't think that's externally visible yet. Also usual caveats about in-progress work subject to change.

https://github.com/fido-alliance/credential-exchange-feedbac...

I guess time will tell. But for now, considering the history of lock-in on the web, it's best to stay away from Passkeys for now, until they figure out a proper way of avoiding it.


Bitwarden is the one vendor that doesn’t do lock in (since you can export your passkeys). Which also means you can back them up.

The rest of the platforms give you zero ability to export or back up your passkeys, which makes them worse than useless.

Apple also announced passkey import and export is coming this fall with iOS 26 (and their other OSes): https://developer.apple.com/videos/play/wwdc2025/279/
> We'll explore key updates including [...] and the secure import/export of passkeys

Have they shared any details about if this is actually cross-provider/platform import/export? I feel like if Apple doesn't outright share those details, they're talking about import/export within the Apple ecosystem.

No, in this case it is actually an industry standard: https://fidoalliance.org/specifications-credential-exchange-...
Nothing of the info Apple published so far seems to indicate that they'll implement that. And again, based on the track record of Apple, feels unlikely they won't implement something on their own.
From the video cited upthread: "This transfer uses a data schema that was built in collaboration with the members of the FIDO Alliance. It standardizes the data format for passkeys, passwords, verification codes, and more data types"
I worked on this standard and we’re all excited that it’s rolling out to most if not all password managers and platforms.
Let’s see — Apple’s track record of interoperability isn’t great unless dragged by regulatory bodies. Managing private emails at scale to migrate away from Apple for instance is wildly painful.
There is an industry standard being deployed for passkey (and other credential) import/export so that everything will work together seamlessly. Most players are waiting for that so there aren’t N different formats floating around that only work with subsets of other PW managers, which is a real problem now.
I'll believe it when I see it. So far I'm with the "Passkeys are for vendor lock-in" crowd and keeping my distance from them.
I tried finding anything in the transcript that mentions that import/export explicitly will be the open standards, but they seem to mention "FIDO" and import/export in different contexts, not together.

Maybe I missed something?

These drafts both look reasonable. I wasn't aware they'd progressed beyond vaporware and I'm pleasantly surprised.
re Bitwarden Passkeys export/import, I found this:

> Q: Are stored passkeys included in Bitwarden imports and exports?

> A: Passkeys are included in .json exports from Bitwarden. The ability to transfer your passkeys to or from another passkey provider is planned for a future release.

https://bitwarden.com/help/storing-passkeys/#passkey-managem...

But I'm not sure I understand the last part, how is the "ability to transfer your passkeys to another passkey provider" planned for a future Bitwarden release, if the Passkeys are already included in the export data? Wouldn't that be up to other Passkey providers to implement the import? Or is the export data not complete enough for an import?

Yes, other providers could theoretically import Bitwarden’s proprietary format. Bitwarden’s reference to a future release is regarding the standardized import/export of passkeys that is in development: https://fidoalliance.org/fido-alliance-publishes-new-specifi...
I work at Bitwarden and I can confirm this. While technically you have the data, any other app needs to support our json format (which they totally can, our code is open source) - but CXP (the standard) is happening this year so we’re planning on using it.
1Password are working with Microsoft to integrate more with Windows’ passkey APIs.

The real test will be, how easy is it to move passkeys from say 1Password to Keepass XC (open source). It’s on my todo list.

For now, 1P’s passkey support appears to work quite well with all the sites I’ve tried. I’ve got multiple devices (Linuxes, macOS, Windows) and passkeys just work. I like the fact that 1P is cross platform, but after all it too is proprietary.

> how easy is it to move passkeys from say 1Password to Keepass XC (open source). It’s on my todo list.

AFAIK, there is no export from 1Password with Passkeys yet, so maybe better to put it in your calendar to check back in 6 months or so.

> passkeys just work

Yeah, I'm not doubting that, but I cannot reasonably base my core authentication on something that locks me to one service, that just feels too irresponsible. Hence the wait for proper import/export before spending any time on this :)

Truth. With passwords, you don't even need a service open or closed. You can just write them down on an air gapped piece of paper.