It is a shame that nothing is being done here and update notes (at least for the Mac version) are misleading. They state that import of passkeys is possible from 1PUX files if they belong to the same 1password version. But somewhere else it says that export omits passkeys. This is unacceptable. We are using 1password as a company as well and this could seriously be a "deal-breaker" after 2.5 years! 1Password Version: latestExtension Version: latestOS Version: macOSBrowser: Safari

Hello rgev! 👋 (I've merged your two comments into a single thread.) Thanks for reaching out. Passkeys saved in 1Password can’t be exported at this time. We’re working closely with platform vendors and other password managers through the FIDO Alliance to create a secure way to import and export passkeys. We believe it’s your choice where to store and use your passkeys. There is no logical reason not tot offer a passkey export to 1password. There isn't currently a standard encrypted export format available (this is what is being worked on) and the only current option would be to export the passkey to plain text. Passkeys can't be viewed in plain text by design, it's an important part of their resistance to phishing and one of the ways in which they provide better security than passwords. A passkey can only be used on the service that it was made for. If a passkey could be viewed in plain text then it could be phished just like a password can. Out of curiosity, why were you looking to export your passkeys? They state that import of passkeys is possible from 1PUX files if they belong to the same 1password version. But somewhere else it says that export omits passkeys. This note, for a version of 1Password from over a year ago, refers to an early iteration of passkey export/import that has since been deprecated in favour of the secure method that is being developed by 1Password and our partners. Hopefully we’ll have more to share soon. -Dave

thecatfix 1Password is working with our partners at the FIDO Alliance to create a way to securely export and import passkeys between password managers so that you can take your passkeys with you if you decide to leave 1Password (or bring your passkeys to 1Password from another password manager). I do have some good news to share! We've just published an update on the subject over the weekend, outlining the new draft specifications that are being proposed, on our blog: New FIDO Alliance Specs: Importing and Exporting Passkeys -Dave

+1 for requesting this, following the fact that Apple have obviously managed it following FIDO standards according to them

Dave, I am using 1password since Roustem started this app. But today for the very first time I feel very very strange. There is no logical reason not tot offer a passkey export to 1password. It seriously looks like there is some political reason behind it, talking about "lock in" with password managers. We are using 1password within our software company. So everyone has a very technical view on this as well. IF you do not address this issue it will have an impact on the technically oriented users. It does not give a lot of reassurement what you are writing here. It sounds like "wait and see" for more than a year now. Best, R

It’s probably due to the fact users want to export passkeys, because they are looking to move over to another password managers. I love how the password manager providers love to talk about pass keys and then this is your response. You’re literally just trying to protect revenue with that response.

Feature Request: Passkey export support

19 Replies

mkhoatd
New Contributor
21 hours ago
https://developer.apple.com/documentation/authenticationservices/ascredentialexportmanager
Bitwarden already support this. I can export items between Password and Bitwarden
1P_Dave
Moderator
3 days ago
Hello folks,

Thank you for your continued patience as 1Password and our industry partners work toward a standardized, secure way to move passkey credentials between credential managers. Earlier this year, the FIDO Alliance published the Credential Exchange Format (CXF) as a Proposed Standard. You can read more about it here: Portability without compromise: 1Password helps author a new standard for secure credential transfer

CXF lays the groundwork to enable portability of passkeys (and other credentials) without compromising security. Implementing this functionality is something that our team is actively working towards.

-Dave
NoSync
New Contributor
11 days ago
This was supposedly “coming soon” in October 2024: https://1password.com/blog/fido-alliance-import-export-passkeys-draft-specs
What happened? Talk about overpromising…
PastaShock
Frequent Contributor
3 months ago
I have completely given up on Passkeys. They are nothing more than vendor lock-in. Nobody is in a rush to implement export, because they don't want to lose the vendor lock-in.
Security is also only as good as the weakest link. If I set up a Passkey but can't disable my password and ONLY use a passkey + TOTP code, then I have only gained convenience and not security.
And Passkeys CAN be exported as plain text. Keepass lets me do it. The FIDO Alliance just refuses to allow it.
Maybe I'll revisit Passkeys when everyone gets their head out of their *** and does it properly. But without proper export and import, and the ability to disable password login, Passkeys are just an alpha product at best.
Former Member
4 months ago
Are there any updates on this? If Apple implemented it, I suppose Credential Exchange Protocol and Credential Exchange Format standards are already defined? What is stopping 1Password from implementing this?
- 1P_Dave
  Moderator
  4 months ago
  Thanks for following up! I don't have any updates to share at the moment, however this is something that our team is actively working on with our partners at the FIDO Alliance. Hopefully we'll have more news to share soon!
  
  -Dave
rctneil
Super Contributor
7 months ago
Any updates on Passkey Export and Import? I know Apple announced they will support it in their OS26 releases so it would be good to get an official update from 1Password about it.
- 1P_Dave
  Moderator
  6 months ago
  rctneil
  
  I don't have any updates to share at the moment. Our team is definitely keeping an eye on WWDC and is continuing to work with our partners in the FIDO Alliance on the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) standards.
  
  -Dave
  - okohll
    New Contributor
    6 months ago
    +1 for requesting this, following the fact that Apple have obviously managed it following FIDO standards according to them
PastaShock
Frequent Contributor
8 months ago
Sounds to me like I will never get what I want. I don't want to transfer my passkeys to another credential provider. I want to export them and back them up
PastaShock
Frequent Contributor
8 months ago
What's the status of passkey export?

This isn't just a 1Password problem. Why the heck was export and import not part of the spec when passkeys first came out? The FIDA alliance are bunch of smart people.

I've read that the FIDO Alliance is working on adding export and import as part of the spec, but it will be an OPTIONAL feature, not MANDATORY.

Passkeys = vendor lock-in.

No, thank you.

Yes, I see the advantages of passkeys. But being locked into a vendor because you can't move your passkeys makes it DOA. I'm sure 1Password doesn't think this way, but I guarantee you Apple. Google and Microsoft all immediately saw that lack of export/import and they immediately saw the vendor lock-in potential.

If the FIDO Alliance isn't going to offer passkey export as part of the spec in a timely manner, I think 1Password should figure out their own solution and deploy it.

The only software that lets you export passkeys right now is Keepass.

I had about a half dozen passkeys set up. I have deleted them all and gone back to a password with 2FA.
- 1P_Dave
  Moderator
  8 months ago
  PastaShock
  
  Thanks for reaching out! 1Password is currently working with our partners at the FIDO Alliance on the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) that will allow users to securely transfer passkeys from one credential manager to another. You can read more on our blog: Coming soon: Securely import and export passkeys (I posted this elsewhere in this thread but I'm sharing it here as well in case it was missed by anyone.)
  
  Passkeys are designed to be more resistant to phishing than passwords and it's important that any export functionality does not undermine that security feature. It's also important that any exported passkeys can be imported by other password managers (otherwise the feature won't be very useful), which is why it's important for us to work with our partners at the FIDO Alliance to develop an industry standard that is compatible with, and adopted by, all password managers.
  
  For the time being, you can create a new passkey for a website any time within your new password manager and remove any existing passkeys from other providers. Hopefully there will be more news to come soon!
  
  -Dave
1P_Dave
Moderator
2 years ago
rgev

Thanks for sharing that article. 1Password is working to make passkeys are intuitive and accessible to users, both those using 1Password and those using other password managers through initiatives like the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) that 1Password is developing with our partners at the FIDO Alliance.

You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.

Thank you for sharing your use case. Legacy planning is something that the team is looking into since we know that it's important to many people. Personally, I'd also like to see more options on passing on my 1Password account (or at least certain vaults) to family members in the event of an emergency. I've shared all of your comments and feedback with the team internally.

-Dave

ref: PB-43601129
rgev
New Contributor
2 years ago
Dave, thank you for linking to your new blog post. I appreciate your open communication here as well. There are some interesting discussion going on at the moment and I think they have to be solved within the industry to make passkey a success. See here: https://world.hey.com/dhh/passwords-have-problems-but-passkeys-have-more-95285df9

NB: You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.