The Future of Passkeys: A Game-Changer in Online Security
In the world of online security, passkeys are the new frontier, rapidly gaining momentum and offering significant advantages over traditional passwords. With major tech companies like Apple, Google, and Microsoft backing them, passkeys are poised to revolutionize the way we secure our digital lives.
According to the Fast Identity Online (FIDO) Alliance, more than 12 billion online accounts can now be accessed with passkeys. This statistic highlights the growing importance of this authentication method in an increasingly digitized world.
However, one of the current challenges with passkeys is the lack of a standardized way to import or export them between devices. The FIDO Alliance is working to address this issue by proposing new specifications for secure credential exchange, facilitating the seamless transfer of passkeys and other credentials across providers.
Introducing the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF)
The draft specifications for the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) were published on October 14. These standards define a secure format for transferring credentials in a credential manager, ensuring that transfers are encrypted and secure by default.
Collaboration Amongst Industry Leaders
The proposal for standardizing passkey exchange is the result of collaboration among members of the FIDO Alliance’s Credential Provider Special Interest Group. Companies such as 1Password, Apple, Google, and Microsoft, as well as password managers like Bitwarden, Dashlane, and Enpass, are working together to push this initiative forward.
According to the FIDO Alliance, passkeys offer numerous benefits over traditional authentication methods, including reducing phishing attempts and eliminating credential reuse. Sign-ins with passkeys are also faster and more successful than passwords or passwords combined with a second factor like SMS OTP.
Once these specifications are standardized, they will be open and available for credential providers to implement, paving the way for a more secure and user-friendly authentication experience.