Passkeys, recognized as a safe and phishing-resistant alternative to traditional passwords, may soon see enhanced usability across various platforms. New draft specifications released by the FIDO (Fast Identity Online) Alliance suggest that technology giants like Google, Apple, and Microsoft, along with password management services such as Dashlane, 1Password, and Bitwarden, could facilitate the secure export and import of passkeys and passwords. This development aims to simplify the transition of user credentials when switching services, such as moving from Android to iOS, without the need to create new passkeys.
FIDO Alliance Introduces Draft Specifications for Secure Credential Exchange
On Monday, the FIDO Alliance unveiled two draft specifications: Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF). These specifications are aimed at enhancing user experience while providing more options in the use of passkeys.
The newly developed CXP and CXF specifications aim to facilitate the secure transfer of various credentials, including passwords and passkeys. At present, most password managers export credentials in an unsecured format, typically as plaintext in a comma-separated value (CSV) file, which poses a significant security risk.
With these draft specifications, exporting passwords will become more secure, and for the first time there will be a reliable way to transfer passkeys between different services.
For instance, a user of Bitwarden could potentially export their passkeys and import them into a Google or Apple account seamlessly. This would enable users to avoid the hassle of generating multiple passkeys for different services, simplifying the process of switching platforms.
However, secure password and passkey migration might take some time to become widely available to the public. The draft specifications still need to go through agreement, standardization, and implementation by credential providers. Additionally, the FIDO Alliance is open to community feedback via GitHub, inviting developers and enthusiasts to contribute their insights regarding the draft specifications.