
A Passwordless Future Needs Portability

Posted by Matt Birchler

Jared Newman: There’s a big problem with Apple and Google’s plans to nix passwords

As anyone who uses a password manager will tell you, not having to think about passwords can feel liberating. But by eliminating them outright, FIDO’s proposal risks putting even more control over users’ digital lives in the hands of just a few major tech companies. FIDO’s current proposal has no mechanism for bulk-transferring passkeys between ecosystems. If you want to switch from an Android phone to an iPhone—or vice versa—you won’t be able to easily move all your passkeys over.

One of the very specific reasons I use 1Password myself is that I don't want my passwords locked into a single company. Apple Keychain doesn't work in Chrome or Firefox or Edge or Android, and it only kinda works in Windows. All other OS-based and browser-based password managers have the same problem, but apps like 1Password don't really care where you use your passwords; their business is making it as easy as possible for you to use your passwords on all your devices, and I love that. I need it, frankly.

If Apple does something I really hate, I can ditch my iPhone and go Android with ZERO problems with accessing my accounts. If a new hot browser comes out and I want to use it, no problem, just install the 1Password extension and I'm logging into everything with ease.

Oh, and if 1Password pisses me off in the future, I can export my passwords (including docs and 2FA codes) in a standard file format that I can import into another app.

This openness is good for consumers, even if passwords are imperfect themselves.

This new system apparently allows for transferring one site's authentication at a time, but in terms of bulk exports, the FIDO Alliance’s executive director says:

“We don’t really have a batch export method right now,” Shikiar says. “I think that’s probably a future iteration.”

We definitely need to get there because telling users that they may not change from Android to iOS or vice versa because they won't be able to log into anything is not a good situation.