Do Son 
Apple has unveiled a pivotal innovation poised to eliminate one of the key obstacles hindering the widespread adoption of passwordless authentication: the inability to seamlessly transfer passkeys across different systems. Announced at WWDC, the company introduced a new feature enabling the import and export of digital keys, which will debut in forthcoming versions of iOS, macOS, iPadOS, and visionOS.
Previously, passkeys generated on a device—say, a Mac—remained effectively “locked” within the Apple ecosystem. While synchronization across the user’s devices via iCloud was possible, transferring those keys to Windows or to a third-party password manager, even one installed on the same Mac, was not. This restriction drew widespread criticism from both users and security professionals.
Such siloing raised concerns that major tech companies were using passkeys to deepen platform lock-in. Furthermore, if a device containing the keys was lost or destroyed, regaining access to critical accounts became a challenge—particularly if no backup existed.
Now, Apple asserts that users will not only be able to move their digital keys across apps and operating systems but do so securely. As demonstrated in a preview video, data transfers will occur directly between compatible applications and be safeguarded by local authentication—such as Face ID. Notably, no intermediate CSV or JSON files will be generated, thereby minimizing the risk of data leakage during transmission.
This transfer system was developed in collaboration with members of the FIDO Alliance, the global consortium responsible for authentication standards. The new mechanism supports not just passkeys but also traditional passwords and verification codes, unifying formats and exchange protocols across platforms.
Interoperability has long been a focal issue for the FIDO Alliance, which includes over 100 member organizations—from app developers to OS vendors. Among those now working to support the new feature are Dashlane, 1Password, Bitwarden, Devolutions, NordPass, and Okta. According to Android Authority, Google is developing similar capabilities, with its password manager already offering rudimentary import and export functions—albeit in a less user-friendly form.
The industry’s move away from passwords is driven by their inherent vulnerabilities and the high cost of maintaining them. Strong passwords are difficult to remember, often reused, and ultimately compromised in large-scale data breaches. Phishing and automated attacks have long since mastered intercepting them.
By contrast, passkeys are built on the principles of asymmetric cryptography and the FIDO2 standard. When registering on a site, a key pair—private and public—is generated. The private key remains securely on the user’s device and is never transmitted, while the public key is stored on the server. During login, the server sends a unique challenge that can only be solved with the private key, rendering interception, phishing, and credential reuse virtually impossible.
Yet, despite their promise, passkeys have faced adoption hurdles due to practical limitations. Many apps and platforms existed as isolated “islands,” restricting the user’s freedom to navigate across them. Apple’s latest initiative—endorsed by FIDO members—marks a significant step toward a more fluid, open, and secure ecosystem, where the data genuinely belongs to the user, not the platform.
Donate