As digitalization increases, security measures are becoming increasingly important to protect sensitive data from unauthorized access. Passkeys, which were introduced two years ago, are considered a promising alternative to traditional passwords. This technology is based on a more secure authentication method that uses either a physical security key or biometric data. The FIDO Alliance recently published new specifications for passkeys that will make it possible to import and export them in the future.
Since the introduction of passkeys, a lot has happened to make authentication more secure and easier. Passkeys already offer a reliable alternative to traditional passwords, but until now there was no way to transfer them between different password managers. This significantly limited users' flexibility. With the new specifications published by the FIDO Alliance, real progress is now on the horizon. Companies such as 1Password, Google and Dashlane have already committed to supporting these new formats.
What exactly are passkeys?
Passkeys are cryptographic keys designed to replace traditional passwords. Unlike passwords, which can often be stolen or hacked, passkeys offer a more secure way to log into online accounts. This works either through biometric data such as fingerprints or facial recognition, or by using a physical security key. The advantages of passkeys are obvious:
- Greater security: Passkeys cannot be stolen or intercepted by phishing attacks.
- Easier to use: Authentication is done with one click or one scan.
- Cross-platform: With the right support, passkeys can be used on different devices.
Previous problem: No cross-platform portability
Although passkeys offer a more secure authentication method, until now there was one major limitation: you couldn't transfer your passkeys between different password managers or platforms. So, for example, if you had a passkey stored in the Apple Passwords app, it was almost impossible to transfer it to another service like 1Password. This meant that users were typically locked into one platform, limiting their flexibility and choice.
The new specifications of the FIDO Alliance
To solve this problem, the FIDO Alliance has developed new specifications for passkeys publishedthat allow users to import and export passkeys between different services. The new formats, the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF), enable secure transfer of passkeys and other credentials between different platforms and password managers. The key points of the new specifications are:
- Security: Passkeys are transmitted using encrypted formats, which ensures security during the transfer. This is significantly safer than the CSV files used previously, which are often insecure.
- Compatibility: Major password managers such as 1Password, Dashlane, Bitwarden and NordPass have committed to supporting the new specifications, making it easier to transfer passkeys between these services.
- Advanced user control: As a user, you will have the freedom to change password managers without sacrificing convenience or security.
Participating companies
Several well-known companies are working on implementing these new specifications. In addition to 1Password, which works closely with the FIDO Alliance, Dashlane, Bitwarden, NordPass and Google have also pledged their support. This means that in the near future you will be able to easily switch between these platforms without having to manually re-set up your passkeys. It is also worth noting that Apple has not been explicitly mentioned so far, although the company has been playing a leading role in this technology since the introduction of passkeys in 2022. Apple has implemented passkeys in its ecosystem and syncs them across devices via iCloud. It is expected that Apple will also adopt the new specifications since the company is a member of the FIDO Alliance.
When will the new specifications be available?
Although the new specifications represent a significant step towards greater flexibility and ease of use, it is unlikely that they will be implemented this year. First, the specifications must be reviewed and approved by the industry. Once this is complete, implementation can begin, which will take some time. Nevertheless, the prospect of these improvements is promising and will make using passkeys much easier.
More flexibility and security through the new passkey specifications
With the introduction of the new passkey specifications by the FIDO Alliance, another obstacle has been removed on the way to more secure and flexible authentication methods. The ability to transfer passkeys securely between different platforms gives you as a user greater freedom in choosing your password manager without having to sacrifice security. It remains to be seen when exactly these specifications will be available, but the course has already been set for a secure and user-friendly future. The FIDO Alliance has taken a significant step to further improve digital security and give users more control over their passkeys. If you have not used passkeys before, now is a good time to familiarize yourself with this technology. Not only does it offer a high level of security, but it will also soon offer the flexibility we expect from modern authentication methods. (Photo by peterzayda / Bigstockphoto)
