FIDO Alliance Proposes New Passkey Exchange Standard

Passkeys are rapidly gaining momentum and offer significant advantages over traditional passwords, with many security authorities and major tech companies like Apple, Google, and Microsoft promoting their use.

Today, more than 12 billion online accounts can today be accessed with passkeys, according to the Fast Identity Online (FIDO) Alliance.

However, there is currently no standardized way to import or export them between devices. The FIDO Alliance may soon change this paradigm, proposing a new set of specifications for secure credential exchange, enabling users to securely move passkeys and all other credentials across providers.

The draft specifications were published on October 14 and include the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).

They define a standard format for transferring credentials in a credential manager including passwords, passkeys and more, to another provider in a manner that ensures transfers are not made in the clear and are secure by default. 

Google, Apple, Microsoft and Password Managers Involved

This proposal is the result of collaboration amongst members of the FIDO Alliance’s Credential Provider Special Interest Group, including representatives from 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and SK Telecom.

In its announcement, the FIDO Alliance noted that keypasses’ benefits over other authentication methods are now proven.

“Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS one-time-password (OTP),” the Alliance said.

Once standardized, these specifications will be open and available for credential providers to implement. 

Read more: Five Ways to Dramatically Reduce the Risk of Password Compromise