Apple @ Work: New FIDO specifications aim to end Passkey vendor lock-in

3 weeks ago 3

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The FIDO Alliance has taken a big step toward improving the usability of passkeys by introducing two new draft specs: the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF). These proposals are designed to solve a key issue slowing the adoption of passkeys in the enterprise: vendor lock-in. While Passkeys bring a solid alternative to traditional passwords, their current implementation leaves users stuck to specific platforms or password managers, making it difficult to switch between services without completely redoing the Passkey setup.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


Passkeys offer a much more secure and convenient method for authentication by eliminating the need for traditional passwords which are always being breached. Instead of storing and managing long strings of characters, passkeys use cryptographic methods (Face ID, Touch ID, etc) to verify users’ identities across devices and services. The benefits of passkeys are easy to see—they are resistant to phishing and are generally more secure than normal passwords. However, the current state of the technology comes with a significant trade-off: portability between platforms is really challenging.

The new CXP and CXF specifications aim to address these limitations by creating a standardized, secure way to transfer passkeys between different password managers without removing and re-adding from each platform. Currently, if you decide to switch from one password manager to another, like moving from 1Password to Apple Passwords, you would need to delete the passkey from the old service and then manually set it up again in the new one. It can be done, but it’s a pain.

Customers can migrate their passkeys through these new standards without compromising security or dealing with manual processes. The Credential Exchange Protocol will handle the secure transfer of credentials between different platforms, while the Credential Exchange Format ensures that these credentials are readable and usable across various services. This system is expected to provide a seamless and secure experience for users looking to switch platforms.

Companies like Dashlane and 1Password have already started collaborating with the FIDO Alliance to implement these standards. This collaboration is crucial for encouraging the adoption of passkeys by making them more user-friendly.

Additionally, by standardizing how passkeys are managed and transferred, the FIDO Alliance’s new specifications will help businesses and consumers have more freedom in choosing the best tools for their needs without being locked into a single ecosystem. Over time, this will drive broader adoption of passkeys, further pushing the shift away from passwords, often the weakest link in personal and organizational security.


9to5Mac’s Take

While passkeys represent a significant advancement in authentication security, they currently come with a major downside: vendor lock-in. Moving between platforms like 1Password, Dashlane, or Apple Passwords isn’t a smooth process today. Users are forced to manually delete and re-add passkeys, making switching password managers a cumbersome and inefficient task. For those managing many credentials, this lack of portability creates friction and could deter users from fully embracing the technology. It’s way easier to export a CSV file and reimport it than move Passkeys.

The FIDO Alliance’s new specifications aim to change this, promising an easier, more secure way to migrate passkeys between platforms. I love seeing Dashlane and 1Password collaborating here as well. Yes, it makes it easier to leave their services, but it also makes it easier to move to their service. You don’t ever want to keep a customer because it’s challenging to leave. You want to keep a customer because you offer the best solution for their problem. I love Passkeys, I believe its the future of passwords, and this is an important enhancement.

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

FTC: We use income earning auto affiliate links. More.

Read Entire Article