undefined | Better HN

0 pointssheepscreek1y ago0 comments

There is a way around this. Password managers. I use 1Passwords and it acts as the vault for all my Passkeys. Can access them on all devices. Super happy with it.

0 comments

Pfhortune1y ago

Is there a way to export a passkey from 1P to use in a different manager? (Legitimately asking, I haven't tried passkeys yet due to portability concerns, and this would be good to know)

ceinewydd1y ago

Not currently. Someone already did lots of research on this — https://community.bitwarden.com/t/passkey-portability/59177

There’s some hope for interoperability between password managers someday. There doesn’t seem to be agreement on how you can securely export, transfer and import today however.

gcr1y ago

nope, and that's (currently) by design! from a user perspective, passkeys are supposed to be impossible to duplicate. here are some workarounds:

- you can log into your 1password on multiple devices

- you can sign in by QR code, with the help of whichever phone has the passkey on it

- you can add multiple per-device passkeys to your accounts of interest (for example, log into github on desktop and then add a passkey for your desktop device for that github)

- you can keep all your passkeys on a hardware dongle

- you can set up and keep all your passkeys inside an open-source manager (e.g. KeePassXC)

For first-party systems, passkeys are supposed to be stored in hardware storage (TPM chips, secure enclave, etc). Once it's in the chip, the secret key's never coming out of those pins again (unless you're a nation state with a tunneling electron microscope and a very steady hand).

(The huge exception is iCloud Keychain and whatever Google's doing for passkey sync, but that's importing from account data into hardware storage, not exporting existing credentials from a user's existing device)

pkzip1y ago

If you want portability, then you can use HW security keys that support passkeys.

j / k navigate · click thread line to collapse