Authentication

Passkeys You Can Actually Move: The Credential Exchange Protocol

June 11, 2026 · 8 min read · Haven Team

Passkeys did what passwords never could: they made phishing structurally impossible for the accounts that use them. But they shipped with a quiet catch. Once your passkeys live in Apple's keychain, Google Password Manager, or 1Password, getting them out was — until recently — impossible by design. The FIDO Alliance's Credential Exchange Protocol is the industry's attempt to close that trap without reopening the phishing one.


A passkey is a public-private key pair bound to a specific website. The private key never leaves your authenticator; the site stores only the public key. When you sign in, your device proves possession of the private key against a challenge the site issued. Because the key pair is cryptographically tied to the site's origin, a fake login page can't elicit a usable signature — there's nothing to phish. This is a genuine improvement over passwords, full stop.
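To make the origin binding concrete, here is an added example in Go (not code from the original post or from any passkey provider) that models the challenge-response just described: the authenticator signs the issued challenge together with the origin the browser reports, and the site verifies the signature under the public key it stored, checks that the origin is its own, and consumes the challenge so a captured assertion cannot be replayed. The type and function names, the simplified clientData structure, and the example.com and examp1e.com origins are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData mirrors WebAuthn's clientDataJSON: the challenge the site issued plus the origin the browser observed.
type clientData struct {
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Authenticator holds the private half of a passkey; nothing here ever returns priv.
type Authenticator struct {
	priv *ecdsa.PrivateKey
}

func NewAuthenticator() (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: priv}, nil
}

func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// Assert signs the challenge together with the origin the browser reports,
// so a signature minted for one origin is useless at any other.
func (a *Authenticator) Assert(challenge, origin string) (cdJSON, sig []byte, err error) {
	cdJSON, _ = json.Marshal(clientData{Challenge: challenge, Origin: origin}) // two strings: cannot fail
	digest := sha256.Sum256(cdJSON)
	sig, err = ecdsa.SignASN1(rand.Reader, a.priv, digest[:])
	return cdJSON, sig, err
}

// RelyingParty is the website: it stores public keys only and tracks outstanding challenges so each is used once.
type RelyingParty struct {
	origin     string
	pubKeys    map[string]*ecdsa.PublicKey
	challenges map[string]bool
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{origin: origin, pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string]bool{}}
}

func (rp *RelyingParty) Register(user string, pub *ecdsa.PublicKey) { rp.pubKeys[user] = pub }

// NewChallenge issues 32 random bytes, base64url-encoded as WebAuthn does.
func (rp *RelyingParty) NewChallenge() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	ch := base64.RawURLEncoding.EncodeToString(buf)
	rp.challenges[ch] = true
	return ch, nil
}

// Verify accepts an assertion only if the challenge is fresh, the origin is ours,
// and the signature checks out under the user's registered public key.
func (rp *RelyingParty) Verify(user string, cdJSON, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(cdJSON, &cd); err != nil {
		return err
	}
	if !rp.challenges[cd.Challenge] {
		return errors.New("unknown or already-used challenge")
	}
	if cd.Origin != rp.origin {
		return fmt.Errorf("origin mismatch: assertion made at %s, not %s", cd.Origin, rp.origin)
	}
	pub, ok := rp.pubKeys[user]
	if !ok {
		return fmt.Errorf("no passkey registered for %s", user)
	}
	digest := sha256.Sum256(cdJSON)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("bad signature")
	}
	delete(rp.challenges, cd.Challenge) // single use: a captured assertion cannot be replayed
	return nil
}

func main() {
	rp := NewRelyingParty("https://example.com")
	auth, _ := NewAuthenticator()
	rp.Register("alice", auth.PublicKey())
	ch, _ := rp.NewChallenge()
	cd, sig, _ := auth.Assert(ch, "https://example.com")
	fmt.Println("genuine login:", rp.Verify("alice", cd, sig))
	ch2, _ := rp.NewChallenge() // same user, but the browser reports a look-alike origin
	cd2, sig2, _ := auth.Assert(ch2, "https://examp1e.com")
	fmt.Println("look-alike origin:", rp.Verify("alice", cd2, sig2))
}
```

The second login in main shows the property the paragraph relies on: a look-alike page can relay a perfectly genuine challenge, but the browser writes the origin it is actually on into the signed data, so the site rejects the signature even though the private key and the challenge are both real. In a real browser the check happens even earlier, because the browser refuses to use a credential whose RP ID does not match the page's domain; the server-side origin comparison shown here is the second line of defense.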

The design also made the private key deliberately hard to extract. That's good security — a key you can't export is a key an attacker can't steal — but it created a lock-in problem the moment passkeys went mainstream. Switching from an iPhone to an Android phone, or from one password manager to another, meant your passkeys didn't come with you. You'd re-enroll every account by hand. For users weighing whether to leave a platform, non-portable credentials are a powerful retention mechanism, and not an accidental one.

Why "Just Export Them" Was the Hard Part

The obvious fix — let users export passkeys to a file — runs straight into the threat model that makes passkeys valuable. A plaintext export file full of private keys is exactly the centralized, stealable secret store that passkeys were designed to abolish. Any portability mechanism has to move the keys between providers without ever creating a moment where they sit in the clear, and without letting a malicious app trick a provider into coughing them up.

The core tension

Portability and unstealability pull in opposite directions. A credential that can be moved by the legitimate user can, in principle, be moved by an attacker who impersonates that user. The whole engineering problem is making the first easy and the second infeasible.

What the Credential Exchange Protocol Actually Specifies

In 2024 the FIDO Alliance published two complementary draft specifications, developed with Apple, Google, 1Password, Dashlane, and others:

The critical property is that the exchange is encrypted directly between the source and destination credential managers. There is no plaintext export file written to disk for malware to scoop up. The transfer is a deliberate, user-initiated handshake — the human explicitly directs their credentials to move from provider A to provider B, and the two providers establish a protected channel to carry them.

The goal isn't to make passkeys easy to extract. It's to make migration a first-class, user-controlled operation that's as secure as the credentials themselves — so "I'm leaving this ecosystem" stops meaning "I'm re-enrolling 200 accounts by hand."
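As an added illustration, and not the CXP specification's wire format or code from the FIDO Alliance or any credential manager, the following Go program sketches the shape of a provider-to-provider transfer with the property described above: the destination manager mints an ephemeral key pair, the user carries its public key plus the scope they approved to the source manager, the source encrypts the credential bundle under a key agreed by ECDH so that only that destination can open it, and the approved scope is authenticated as associated data so it cannot be widened in transit. At no point does a plaintext bundle exist outside the two managers. The type names, the "credential-transfer-demo" label, the use of SHA-256 in place of a proper KDF such as HKDF, and the placeholder key bytes are all assumptions of this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Credential is the portable payload; the secret half must never appear in the clear outside the two managers.
type Credential struct {
	RPID       string
	PrivateKey []byte
}

// ExportRequest is what the destination hands to the source: its ephemeral public key and the user-approved scope.
type ExportRequest struct {
	DestPub []byte
	Scope   string
}

// ExportResponse carries ciphertext only; no plaintext file is ever written.
type ExportResponse struct {
	SrcPub, Nonce, Ciphertext []byte
}

// agree runs the ECDH step each side performs and derives an AES-256-GCM session key bound to
// both ephemeral public keys. SHA-256 stands in for a proper KDF such as HKDF in this demo.
func agree(priv *ecdh.PrivateKey, peerPub, srcPub, destPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	for _, part := range [][]byte{[]byte("credential-transfer-demo"), shared, srcPub, destPub} {
		h.Write(part)
	}
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Destination is the manager receiving credentials; priv never leaves it.
type Destination struct {
	priv *ecdh.PrivateKey
	Req  ExportRequest
}

func NewDestination(scope string) (*Destination, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Destination{priv: priv, Req: ExportRequest{DestPub: priv.PublicKey().Bytes(), Scope: scope}}, nil
}

// Export is the source manager's side: only the holder of the key behind req.DestPub can decrypt,
// and the whole request (approved scope included) is authenticated as AAD so it cannot be altered.
func Export(req ExportRequest, creds []Credential) (*ExportResponse, error) {
	srcPriv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	srcPub := srcPriv.PublicKey().Bytes()
	aead, err := agree(srcPriv, req.DestPub, srcPub, req.DestPub)
	if err != nil {
		return nil, err
	}
	plaintext, _ := json.Marshal(creds) // plain structs: cannot fail
	aad, _ := json.Marshal(req)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &ExportResponse{SrcPub: srcPub, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, aad)}, nil
}

// Import decrypts on the destination; any change to the ciphertext, either public key or the
// approved scope breaks the GCM tag and nothing is imported.
func (d *Destination) Import(resp *ExportResponse) ([]Credential, error) {
	aead, err := agree(d.priv, resp.SrcPub, resp.SrcPub, d.Req.DestPub)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(d.Req)
	plaintext, err := aead.Open(nil, resp.Nonce, resp.Ciphertext, aad)
	if err != nil {
		return nil, fmt.Errorf("transfer rejected: %w", err)
	}
	var creds []Credential
	return creds, json.Unmarshal(plaintext, &creds)
}

func main() {
	dest, _ := NewDestination("all passkeys")
	resp, _ := Export(dest.Req, []Credential{{RPID: "example.com", PrivateKey: []byte("placeholder, not a real key")}})
	creds, err := dest.Import(resp)
	fmt.Println(len(creds), "credential(s) imported, err:", err)
}
```

Two design choices carry the weight. Both key pairs are ephemeral and the derived key is bound to both public keys, so a response captured in transit is useless to anyone but the destination that started the flow, and a different manager presenting its own key gets an authentication failure rather than plaintext. Putting the user-approved request into the AAD is the hook for the authorization step: if what the user approved and what the source is asked to export ever disagree, the tag fails and nothing is imported.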

Passkeys With and Without Portability

Property                  | Pre-CXP reality          | CXP goal
--------------------------|--------------------------|------------------------------
Phishing resistance       | Strong                   | Strong (unchanged)
Move between providers    | Effectively impossible   | Standardized, encrypted
Plaintext export risk     | None (no export at all)  | None (E2E encrypted transfer)
Vendor lock-in            | High                     | Reduced once adopted
Cross-ecosystem migration | Manual re-enrollment     | Single guided flow

The Caveats Worth Stating Plainly

CXP is promising, but it is not a finished, universally deployed reality, and pretending otherwise would be dishonest.

It's still a draft, and adoption is partial. A specification existing is not the same as your two specific providers both implementing it and letting you use it today. Real-world support is rolling out unevenly, and the migration you want may not be available between the exact pair of apps you care about.

Portability slightly enlarges the attack surface. A migration flow is a new, high-value operation: it moves credentials in bulk. The encryption protects the data in transit, but the authorization step — proving to both providers that you are the one initiating the move — becomes a target. A weak migration-approval flow could become the new soft underbelly. The specification's security depends heavily on implementations getting that authorization right.

Syncing already complicated the "unstealable" story. Most consumer passkeys are synced passkeys — backed up to a cloud keychain so you don't lose them when a device dies. That convenience already means your passkeys exist somewhere beyond a single hardware element, protected by your cloud account's security. Hardware security keys remain the option for device-bound, genuinely non-exportable keys. CXP is about the synced, software-managed majority.

What This Means for You

Practically: keep using passkeys. The phishing resistance is real and valuable today, and it does not depend on CXP. If you've held off adopting passkeys specifically because you feared being trapped in one vendor's walled garden, that concern is now being addressed at the standards level — though you should verify that the specific providers you'd want to migrate between actually support it before relying on it.

The broader lesson is one privacy-conscious users already know: portability is a security property, not just a convenience. A system you can't leave is a system that can degrade — in price, in privacy, in trustworthiness — without consequence, because you have nowhere to go. The same reasoning underlies open protocols generally: email's federation, the messaging world's slow move toward interoperability, and the value of standards over proprietary lock-in. A credential you can move is a credential whose provider has to keep earning your trust.

At Haven we treat that principle as foundational. Account recovery rests on a user-held seed phrase rather than an operator-controlled reset, and the encryption is built on open, auditable protocols precisely so that trusting us is never the same as being stuck with us. Portability is what keeps the relationship honest.
