Tech Giants Unite to Revolutionize Passkey Security with New Transfer Protocols
October 16, 2024The FIDO Alliance, an open industry association focused on reducing reliance on passwords, is developing new specifications to enhance the secure transfer of passkeys across various password managers and platforms.
Major tech companies, including Apple, Google, Microsoft, and Samsung, along with password managers like 1Password and Dashlane, are collaborating on this initiative.
These specifications aim to address the current limitations of passkeys, which often remain confined to specific ecosystems, by introducing the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).
One of the significant challenges with passkeys is the inability to securely transfer them across different platforms, leading to vendor lock-in for users.
The FIDO Alliance assures that the new specifications will ensure secure transfers by default, improving upon current methods that lack adequate security.
These new formats will be encrypted, providing a more secure transfer method compared to the commonly used CSV files by many password managers.
The drafts were developed with input from various stakeholders, including companies like Dashlane, Bitwarden, and Google, and are currently open for public review on GitHub.
An official Working Draft is set to be released on October 18, 2024, allowing users to provide feedback before finalization.
In related news, Amazon has reported that over 175 million customers have activated passkeys for their accounts, highlighting the growing adoption of this technology.
Passkeys, which utilize public-key cryptography, have already been integrated into Apple's ecosystem since the release of iOS 16 and macOS Ventura.
Other contributors to the specification include Bitwarden, Dashlane, Google, and NordPass, indicating a broad coalition supporting the transition to passkeys.
Craig Newmark emphasizes the importance of accelerating passkey adoption for enhancing digital security and protecting vulnerable systems from cyber threats.
Summary based on 14 sources
Get a daily email with more Tech stories
Sources
WIRED • Oct 14, 2024
The War on Passwords Is One Step Closer to Being OverThe Verge • Oct 15, 2024
Password manager makers want to let you securely transfer passkeysTechRadar pro • Oct 16, 2024
Moving passkeys between password managers is about to get a lot easierGizmodo • Oct 16, 2024
The Crusade to Replace Passwords With Passkeys Just Got More Fuel