Passkeys are the future of authentication and are poised to replace traditional passwords. They offer several advantages. First, they eliminate the need for password creation and memorization. Since passkeys are unique to each website or application, a single passkey cannot be used to access multiple services. This enhances security and makes them resistant to phishing attempts.
Over the past few years, all major technology companies have adopted the passkey standard for authentication. Microsoft, Google, Apple, Meta, and others already support passkey authentication in their products and services. In fact, over 12 billion online accounts can now be accessed with passkeys.
The FIDO Alliance recently published a working draft of a new set of specifications that will enable users to move passkeys and other credentials easily across service providers. Currently, you can"t move a passkey created on an iOS device to an Android device because Apple and Google don"t support passkey exchange.
Once these new specifications are implemented by credential providers like Apple and Google, users will enjoy better interoperability. They can choose their preferred credential management platform by securely moving their passkeys. These specifications were created by the FIDO Alliance"s Credential Provider Special Interest Group, which includes representatives from 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom.
In its press release announcing the new specification for secure transfer of passkeys, the FIDO Alliance stated:
"FIDO Alliance"s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager, including passwords, passkeys, and more, to another provider in a manner that ensures transfers are not made in the clear and are secure by default."
The FIDO Alliance emphasized that these working draft specifications are open for review and feedback and are not intended for implementation, as the specifications may change based on the feedback received. You can review the specifications on the FIDO Alliance"s website.