FIDO Alliance Seeks to Increase Passkeys Adoption With Draft Secure Credential Exchange Specifications
Password managers will also be able to offer a secure method of migrating passwords and passkeys to another platform.
Photo Credit: Unsplash/ Onur Binay
Users can quickly log into services using biometric authentication with passkeys
Highlights
- Passkey migration could become easier thanks to a new draft standard
- The FIDO Alliance is accepting community feedback on the specifications
- It will allow users to securely migrate passkeys and passwords
Passkeys — the modern, phishing-resistant secure alternative to passwords — could soon become easier to use across various platforms. According to new draft specifications published by the FIDO (Fast Identity Online) Alliance, companies like Google, Apple and Microsoft as well as password management apps like Dashlane, 1Password, and Bitwarden could allow users to export and import passkeys and passwords securely, allowing them to migrate their credentials to another service (for example, when switching from Android to iOS) instead of creating new ones.
FIDO Alliance Publishes Draft Secure Credential Exchange Specifications
The FIDO Alliance released two draft specifications on Monday — Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) — stating that they were designed to promote choice, while enhancing the user experience while utilising passkeys.
The new CXP and CXF draft specifications were designed to streamline the process of transferring credentials such as passwords, passkeys, and other information in a secure manner. Currently, most password managers export credentials in plaintext, usually in the form of a comma separated value (CSV) text file, which is extremely risky.
- Samsung Expands Passkeys to TVs and These Other Devices
While the draft secure credentials exchange specifications will improve the security of passwords when they are being exported, they will provide the first secure method of migrating passkeys across services.
For example, a Bitwarden user might be able to export passkeys stored with the service and then import them into their Google or Apple account. The process would ensure that users would not need to generate multiple passkeys for each service, while making it easy for users to switch platforms.
- Google Chrome Now Making It Easier to Sync Passkeys Across Devices
- High-Risk Google Account Users Will Now Be Able to Use Passkeys
- High-Risk Google Account Users Will Now Be Able to Use Passkeys
- WhatsApp for iOS Will Now Let You Login Without SMS Codes
- X Expands Passkey Support on Its iOS App to Users Globally
It's worth noting that it could be a while before secure password and passkey migration could make its way to users. These draft specifications will need to be agreed upon, standardised, and implemented by credential providers, in order for the new functionality to be available. The FIDO Alliance also says that it is accepting community review via GitHub — developers and enthusiasts can provide feedback on the draft specifications.