FIDO Alliance is Standardizing Passkey Portability

As expected, the FIDO Alliance is standardizing how password and credential managers can make passkeys portable across providers. Not surprisingly, this was done in partnership with companies like 1Password, Bitwarden, Dashlane, Google, and Microsoft, which have either implemented this capability in their products or announced plans to do so. Apple and Samsung are also on board.

“Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance user experience,” the organization notes. “Today, more than 12 billion online accounts can be accessed with passkeys and the benefits are clear: Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75 percent faster, and 20 percent more successful than passwords or passwords plus a second factor like SMS OTP [text message-based one-time passwords].”

There is no doubt at all that making passkeys portable–and not locking them to a single device but syncing them to a provider account–is key to the success of this crucial passwordless authentication technology. I’ve been syncing passkeys with Dashlane since June, and it works so well I stopped researching other solutions. Of course, the issue to date is that each password/credential manager implemented this feature according to its own designs, and few offer passkey import/export. With this standardization, the FIDO Alliance is providing a draft specification for everyone to follow. And so users can choose the solution they prefer and know everything will just work: They can export passkeys from an existing solution and move to something new.

“Synced passkeys are encrypted, backed up to the cloud, and accessible on multiple devices,” Dashlane explains in its own announcement. “Synced passkeys offer greater convenience compared to other types but require a provider account, typically a password manager account, for management. It’s reasonable to expect a password manager to enable the export of passkeys for import into another password manager. While this capability has existed for passwords for many years, it doesn’t for passkeys … It’s crucial to establish an industry standard for data portability, ensuring that users have the flexibility to transfer and manage their passkeys across platforms.”

This is what the FIDO Alliance’s draft specifications and coming standards will achieve: Portability between password/credential managers.

“What was once just an idea on our wish list will soon become a reality for both third-party password managers and those bundled with operating systems and browsers, enabling data portability for passkeys, passwords, and more,” Dashlane continues. “These new standards will give users the freedom to choose where they store their credentials—a crucial step toward the adoption of passkeys.”