FIDO Alliance Proposes New Standards to Simplify and Secure Passkey Transfers Across Platforms
The FIDO Alliance is making strides to facilitate the adoption of passkeys by developing new draft specifications for secure credential exchange. Passkeys represent a contemporary, phishing-resistant alternative to traditional passwords, and these developments promise to streamline their use across a variety of platforms. With the introduction of these specifications, major companies like Google, Apple, and Microsoft, alongside popular password management tools, may soon enable users to safely export and import passkeys along with existing passwords, simplifying transitions between services, such as moving from an Android device to an iOS one.
On Monday, the FIDO Alliance unveiled two draft specifications: Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF). These specifications aim to give users greater choice while improving the overall experience of using passkeys. The intention behind the new CXP and CXF guidelines is to facilitate the secure transfer of vital information such as passwords, passkeys, and additional credentials. Currently, most password managers export sensitive data in plaintext, commonly as a comma-separated values (CSV) text file, a method that poses significant security risks.
The newly proposed secure credential exchange specifications are set to bolster the safety of password exports while also introducing the first reliable method for transferring passkeys between different services. For instance, users of Bitwarden may eventually be able to export their passkeys from the service and seamlessly import them into their Google or Apple accounts. This advancement would negate the need for generating multiple passkeys for individual services, making the transition between platforms remarkably more user-friendly.
Secure password and passkey migration could take a while to reach end users. The draft specifications will require consensus, standardization, and action by credential providers before the anticipated functionality becomes available. Additionally, the FIDO Alliance invites public input through GitHub, allowing developers and technology enthusiasts to share their feedback on these draft specifications.