2024-10-14
FIDO Alliance Making Passkeys More Portable
The FIDO Alliance has announced two supplementary projects meant to address current challenges in putting its passkey authentication method into widespread practice. The first is a set of technical standards drafted collaboratively with researchers from major tech firms and password manager companies: the Credential Exchange Protocol (CXP). CXP "aims to standardize the technical process for securely transferring [passkeys] between platforms," avoiding the risk of "user lock-in" and the insecure migration process of exporting credentials from a conventional password manager. The second project is Passkey Central, a website offering an implementation guide and a set of informational resources and tools for supporting and facilitating passkey adoption. Among other materials, the site contains basic introductory guides and use cases, business metrics, and technical documentation for developers.
Editor's Note
Passkeys are meant to be a more useful form of the FIDO2 protocols. Defining a standard export/import format will hopefully make it easier to adopt this important authentication technology.
Johannes Ullrich
A secure and standard Credential Exchange Protocol is badly needed, but a vulnerable protocol needs to be avoided - there should be a lot of pounding and external penetration testing before any release. The focus should for now be on narrow but secure support for supplanting reusable passwords vs. some broad approach to exchanging generic 'secrets.'
John Pescatore
If you're feeling the pressure to adopt passkeys, read the information on the Fido Alliance: Passkey Central site, from the introduction to rollout, resources, and developer documentation - you need this information for a successful implementation. With sync capabilities and reduced lock-in, user acceptance will be easier, and you can continue to move forward towards password-less authentication, and a smoother user experience across strongly authenticated applications.
Lee Neely
Passkeys have indeed come a long way in a relatively short time. These announcements may be the final components needed to realize the tipping point away from passwords. On portability, it is important, but I think the OS vendors realized that most people tend to stay with one ecosystem, whether it be Microsoft, Linux, Apple, or Android. Hence their support in creating the exchange protocol.
Curtis Dukes
I am glad to see this. Adopt passkeys and get out of the password game. It's about time.
Moses Frost
Read more in
Wired: The War on Passwords Is One Step Closer to Being Over
Fido Alliance: Passkey Central