The FIDO Alliance, an open industry association focused on reducing reliance on passwords, is developing new specifications to enhance the secure transfer of passkeys across various password managers and platforms.

Major tech companies, including Apple, Google, Microsoft, and Samsung, along with password managers like 1Password and Dashlane, are collaborating on this initiative.

These specifications aim to address the current limitations of passkeys, which often remain confined to specific ecosystems, by introducing the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).

One of the significant challenges with passkeys is the inability to securely transfer them across different platforms, leading to vendor lock-in for users.

The FIDO Alliance assures that the new specifications will ensure secure transfers by default, improving upon current methods that lack adequate security.

These new formats will be encrypted, providing a more secure transfer method compared to the commonly used CSV files by many password managers.

The drafts were developed with input from various stakeholders, including companies like Dashlane, Bitwarden, and Google, and are currently open for public review on GitHub.

An official Working Draft is set to be released on October 18, 2024, allowing users to provide feedback before finalization.

In related news, Amazon has reported that over 175 million customers have activated passkeys for their accounts, highlighting the growing adoption of this technology.

Passkeys, which utilize public-key cryptography, have already been integrated into Apple's ecosystem since the release of iOS 16 and macOS Ventura.

Other contributors to the specification include Bitwarden, Dashlane, Google, and NordPass, indicating a broad coalition supporting the transition to passkeys.

Craig Newmark emphasizes the importance of accelerating passkey adoption for enhancing digital security and protecting vulnerable systems from cyber threats.