Friday, February 21, 2025

Secrets 4.4 and Passkey Credential Exchange

Paulo Andrade (Mastodon):

One major issue preventing some users from adopting [passkeys] is that neither Apple’s Passwords app nor many password managers offer an option to export them, making it harder to switch platforms or password managers.

Secrets, on the other hand, has always allowed users to export any passkeys it stored. However, since no other password manager could import them, this feature was primarily useful for backups rather than migrations.

The good news is that the FIDO Alliance has been working on a standard to address this issue, and Apple has shipped its initial implementation in iOS 18.2 and macOS 15.2.

[…]

As of this writing, Secrets supports importing items exported from eight different password managers. That requires a lot of code and reverse engineering to handle mostly undocumented file formats.

With this new API, password managers that adopt it will become compatible with each other.

[…]

Additionally, given the preview nature of this API, Apple still has it behind developer toggles[…]

See also: Miles Wolbe.



"This may come as a shock to you, Centauri, but he doesn't want to be a Starfighter..."

I have never seen a Passkeys advocate allow for the possibility that people simply don't want to do things their way. That their holy technology simply isn't the way people want to do authentication. That there are whole worlds of people who *like* being the conscious intermediary between the thing that wants their password, and the thing that stores their password.


> That their holy technology simply isn't the way people want to do authentication.

Sure, I can see very technical, security-conscious people having these strong opinions. But Passkeys are intended to address a real problem (easily cracked, weak, reused passwords) that affects the other 99% of the people in the world.

I agree usability and rollout have been very rough and the lack of seamless import/export does not help. But they are after the right thing. I hope it improves rapidly and dramatically.


How does a person use Passkeys if they don't own any devices?

With passwords, someone can have a simple paper notebook. What's the Passkey equivalent for people who only have access to public computers?


@Someone
Passkeys are designed as a passwordless authentication method, relying on a cryptographic key stored on a personal device. Sort of like a convenient MFA. If a person does not own any devices, they effectively lack the ability to store and use a passkey directly. Or you can say they don't have this second factor. However, most passkey implementations recognize this limitation and offer fallback authentication methods. These often include password-based login with a one-time code from an authenticator app, SMS, or email. In many cases, these codes (often called app codes) can be pre-generated and written down, similar to how someone might store backup codes in a paper notebook.
