The Fido Alliance, an open industry association aimed at “reducing the world’s reliance on passwords”, has published new specifications for passkeys. These specifications will allow users to import or export passkeys, which were launched a couple of years back. Passkeys are intended to replace traditional passwords, offering biometric authentication and security keys. 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

As of now, users are unable to move passkeys between different password managers. The latest specifications unveiled by Fido Alliance will enable users to export and import passkeys. According to a report, the draft prepared for the new specifications establishes the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), aimed at transferring passkeys as well as other types of credentials. 

The latest formats are encrypted to ensure enhanced security for credentials during the transfer process. Generally, several password managers rely on CSV files to export credentials, which offer lesser security. The report suggests that Fido Alliance collaborated with 1Password to develop the new specifications and has also expressed a commitment to support the new passkey import and export formats once they are unveiled. 

Companies like Google, NordPass, Bitwarden, and Dashlane have also offered their inputs in the draft, which is yet to be reviewed by the industry. Notably, Apple is also a part of the Fido Alliance and was one of the early supporters of passkeys in 2022 with iOS 16. When it comes to the Apple devices, passkeys are synchronised with other Apple devices through iCloud. By scanning a QR code with their iPhone, users can get the option to authenticate with a passkey on other devices. 

Fido Alliance pushes for the development, adoption, and compliance with proper standards in order to authenticate or attest devices. 

In related developments, a recent Google Chrome malfunction resulted in the loss of passwords for 15 million Windows users worldwide. The issue impacted a wide range of areas, including , airlines, healthcare, and banking. The malfunction continued for as long as 18 hours, increasing worries about the dependability of online password managers.