We *need* Passkey export support (!)

rgev
rgev
Community Member
in Mac

It is a shame that nothing is being done here and update notes (at least for the Mac version) are misleading.

They state that import of passkeys is possible from 1PUX files if they belong to the same 1password version. But somewhere else it says that export omits passkeys.

This is unacceptable.

We are using 1password as a company as well and this could seriously be a "deal-breaker" after 2.5 years!

1Password Version: latest
Extension Version: latest
OS Version: macOS
Browser: Safari

Comments

  • rgev
    rgev
    Community Member
    edited October 10

    Dave,

    I am using 1password since Roustem started this app. But today for the very first time I feel very very strange. There is no logical reason not tot offer a passkey export to 1password. It seriously looks like there is some political reason behind it, talking about "lock in" with password managers.

    We are using 1password within our software company. So everyone has a very technical view on this as well. IF you do not address this issue it will have an impact on the technically oriented users.

    It does not give a lot of reassurement what you are writing here. It sounds like "wait and see" for more than a year now.

    Best,

    R

  • Dave_1P
    Dave_1P
    edited October 10

    Hello @rgev! 👋

    (I've merged your two comments into a single thread.)

    Thanks for reaching out. Passkeys saved in 1Password can’t be exported at this time. We’re working closely with platform vendors and other password managers through the FIDO Alliance to create a secure way to import and export passkeys. We believe it’s your choice where to store and use your passkeys.

    There is no logical reason not tot offer a passkey export to 1password.

    There isn't currently a standard encrypted export format available (this is what is being worked on) and the only current option would be to export the passkey to plain text.

    Passkeys can't be viewed in plain text by design, it's an important part of their resistance to phishing and one of the ways in which they provide better security than passwords. A passkey can only be used on the service that it was made for. If a passkey could be viewed in plain text then it could be phished just like a password can.

    Out of curiosity, why were you looking to export your passkeys?

    They state that import of passkeys is possible from 1PUX files if they belong to the same 1password version. But somewhere else it says that export omits passkeys.

    This note, for a version of 1Password from over a year ago, refers to an early iteration of passkey export/import that has since been deprecated in favour of the secure method that is being developed by 1Password and our partners. Hopefully we’ll have more to share soon.

    -Dave

  • thecatfix
    thecatfix
    Community Member

    It’s probably due to the fact users want to export passkeys, because they are looking to move over to another password managers. I love how the password manager providers love to talk about pass keys and then this is your response. You’re literally just trying to protect revenue with that response.

  • Dave_1P
    Dave_1P
    edited October 15

    @thecatfix

    1Password is working with our partners at the FIDO Alliance to create a way to securely export and import passkeys between password managers so that you can take your passkeys with you if you decide to leave 1Password (or bring your passkeys to 1Password from another password manager).

    I do have some good news to share! We've just published an update on the subject over the weekend, outlining the new draft specifications that are being proposed, on our blog: New FIDO Alliance Specs: Importing and Exporting Passkeys

    -Dave

  • rgev
    rgev
    Community Member
    edited October 20

    Dave, thank you for linking to your new blog post. I appreciate your open communication here as well. There are some interesting discussion going on at the moment and I think they have to be solved within the industry to make passkey a success. See here: https://world.hey.com/dhh/passwords-have-problems-but-passkeys-have-more-95285df9

    NB: You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.

  • Dave_1P
    Dave_1P

    @rgev

    Thanks for sharing that article. 1Password is working to make passkeys are intuitive and accessible to users, both those using 1Password and those using other password managers through initiatives like the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) that 1Password is developing with our partners at the FIDO Alliance.

    You asked why I would need to export my credentials: Well, for me, I want to be able to export all of my access credentials to a clean, app-independent format for a simple reason: Legacy. If something happens to me, my family would have a hard time getting access to all of my services and data - especially if they need to setup or re-install my actual OS/App setup beforehand. So I export my (unencrypted) 1password data to a PIN-secured encrypted USB-stick, securely stored offline.

    Thank you for sharing your use case. Legacy planning is something that the team is looking into since we know that it's important to many people. Personally, I'd also like to see more options on passing on my 1Password account (or at least certain vaults) to family members in the event of an emergency. I've shared all of your comments and feedback with the team internally.

    -Dave

    ref: PB-43601129