Missing puzzle piece for Passkeys: Apple promises export function soon
Passkeys have been stuck in silos, deterring users. iOS 26 & Co. will offer a standardized export function for passwords and passkeys.
Apple users will soon be able to export their passkeys. The manufacturer announced this at WWDC 2025 for the iOS, iPadOS and macOS 26 operating systems, which will be released in the fall. For the first time, it will be possible to move the passkeys stored in the iCloud keychain or in Apple's Passwords app to another password manager. Exporting passwords and one-time codes is also supported, Apple emphasized, as is importing them.
The new transfer process is also more secure than the previous method of storing sensitive access data in plain text in a JSON or CSV file.
(Image:Â Apple)
FIDO specification for secure passkey export
According to Apple, a procedure specified by the FIDO Alliance is used for the secure transfer process. This apparently refers to the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF), which the alliance presented last fall. It is intended to enable the direct exchange of access data between two password managers. Both sides must support the specification for this.
Videos by heise
Apple is providing new interfaces that can be integrated into apps. The company promises that existing passkeys will not be changed by the transfer process and can continue to be used seamlessly. Password managers such as 1Password have already announced that they will support the specification, and many other well-known names are also involved according to FIDO, including Bitwarden, Dashlane, Google and Microsoft.
Passkey silos hinder distribution
Passkeys are designed as a more secure alternative to passwords and are intended to replace them in the long term. So far, however, the technology has remained an isolated solution, as passkeys are locked into the silos of large password managers and are therefore mainly located in the integrated services of the platform providers Apple, Google or Microsoft.
Passkeys could also be used across platforms, for example via Google's password management integrated into Chrome, but there are many pitfalls and not everyone wants to entrust their access data to the cloud of an IT giant. A standardized export and import function could ensure more Passkeys' acceptance in the future if users can seamlessly transfer their complete access data from one password management system to the next.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(lbe)
