We *need* Passkey export support (!)

I have completely given up on Passkeys. They are nothing more than vendor lock-in. Nobody is in a rush to implement export, because they don't want to lose the vendor lock-in.

Security is also only as good as the weakest link. If I set up a Passkey but can't disable my password and ONLY use a passkey + TOTP code, then I have only gained convenience and not security.

And Passkeys CAN be exported as plain text. Keepass lets me do it. The FIDO Alliance just refuses to allow it.

Maybe I'll revisit Passkeys when everyone gets their head out of their *** and does it properly. But without proper export and import, and the ability to disable password login, Passkeys are just an alpha product at best.

Are there any updates on this? If Apple implemented it, I suppose Credential Exchange Protocol and Credential Exchange Format standards are already defined? What is stopping 1Password from implementing this?

Any updates on Passkey Export and Import?  I know Apple announced they will support it in their OS26 releases so it would be good to get an official update from 1Password about it.

Sounds to me like I will never get what I want. I don't want to transfer my passkeys to another credential provider. I want to export them and back them up 

What's the status of passkey export?

This isn't just a 1Password problem. Why the heck was export and import not part of the spec when passkeys first came out? The FIDA alliance are bunch of smart people.

I've read that the FIDO Alliance is working on adding export and import as part of the spec, but it will be an OPTIONAL feature, not MANDATORY.

Passkeys = vendor lock-in.

No, thank you.

Yes, I see the advantages of passkeys. But being locked into a vendor because you can't move your passkeys makes it DOA. I'm sure 1Password doesn't think this way, but I guarantee you Apple. Google and Microsoft all immediately saw that lack of export/import and they immediately saw the vendor lock-in potential.

If the FIDO Alliance isn't going to offer passkey export as part of the spec in a timely manner, I think 1Password should figure out their own solution and deploy it.

The only software that lets you export passkeys right now is Keepass.

I had about a half dozen passkeys set up. I have deleted them all and gone back to a password with 2FA.

rgev

Thanks for sharing that article. 1Password is working to make passkeys are intuitive and accessible to users, both those using 1Password and those using other password managers through initiatives like the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) that 1Password is developing with our partners at the FIDO Alliance.

You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.

Thank you for sharing your use case. Legacy planning is something that the team is looking into since we know that it's important to many people. Personally, I'd also like to see more options on passing on my 1Password account (or at least certain vaults) to family members in the event of an emergency. I've shared all of your comments and feedback with the team internally.

-Dave

ref: PB-43601129

Dave, thank you for linking to your new blog post. I appreciate your open communication here as well. There are some interesting discussion going on at the moment and I think they have to be solved within the industry to make passkey a success. See here: https://world.hey.com/dhh/passwords-have-problems-but-passkeys-have-more-95285df9

NB: You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.

thecatfix

1Password is working with our partners at the FIDO Alliance to create a way to securely export and import passkeys between password managers so that you can take your passkeys with you if you decide to leave 1Password (or bring your passkeys to 1Password from another password manager).

I do have some good news to share! We've just published an update on the subject over the weekend, outlining the new draft specifications that are being proposed, on our blog: New FIDO Alliance Specs: Importing and Exporting Passkeys

-Dave

It’s probably due to the fact users want to export passkeys, because they are looking to move over to another password managers. I love how the password manager providers love to talk about pass keys and then this is your response. You’re literally just trying to protect revenue with that response.

Hello rgev! 👋

(I've merged your two comments into a single thread.)

Thanks for reaching out. Passkeys saved in 1Password can’t be exported at this time. We’re working closely with platform vendors and other password managers through the FIDO Alliance to create a secure way to import and export passkeys. We believe it’s your choice where to store and use your passkeys.

There is no logical reason not tot offer a passkey export to 1password.

There isn't currently a standard encrypted export format available (this is what is being worked on) and the only current option would be to export the passkey to plain text.

Passkeys can't be viewed in plain text by design, it's an important part of their resistance to phishing and one of the ways in which they provide better security than passwords. A passkey can only be used on the service that it was made for. If a passkey could be viewed in plain text then it could be phished just like a password can.

Out of curiosity, why were you looking to export your passkeys?

They state that import of passkeys is possible from 1PUX files if they belong to the same 1password version. But somewhere else it says that export omits passkeys.

This note, for a version of 1Password from over a year ago, refers to an early iteration of passkey export/import that has since been deprecated in favour of the secure method that is being developed by 1Password and our partners. Hopefully we’ll have more to share soon.

-Dave