There was a lot of news the other day about passkeys and portability - https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/ - that says in part:

"Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear."

This is true, but... there is also still no standard for any of that. The specs are mostly empty placeholders.

https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html

https://fidoalliance.org/specs/cx/cxf-v1.0-wd-20240522.html

Solid Mitch Hedberg energy here.