The FIDO Alliance said it’s working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.
To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange, following commitments among members of its Credential Provider Special Interest Group (SIG).
✔ Approved
From Our Partners
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
This includes 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom.
“Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance user experience,” the FIDO Alliance said in a statement.
“Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS OTP.”
While passkeys have the advantage of being secure and phishing-resistant, they are essentially locked in to the operating system or the password manager service, making it impossible to transfer them when switching platforms and, therefore, requiring users to create new passkeys per device.
The new specification proposed by the FIDO Alliance aims to address this gap with the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF).
They “define a standard format for transferring credentials in a credential manager including passwords, passkeys, and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default,” it said.
The development comes as Amazon revealed that more than 175 million customers have enabled passkeys on their accounts, nearly one year after the initial rollout.
“Passkeys fundamentally shift the way we sign in to our online accounts for the better — and seeing Amazon roll out passkeys is evidence of its commitment to its customers’ time, experiences, and security across Amazon web and mobile shopping experiences,” said Andrew Shikiar, chief executive officer of FIDO Alliance.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:thehackernews.com