FIDO Alliance Breaks Down The Future of PassKey Portability
AI created, human edited.
The FIDO Alliance is addressing one of the biggest hurdles in widespread passkey adoption: portability. In a recent Tech News Weekly interview, the FIDO Alliance reveals how a new set of specifications is set to transform how we manage and move our digital credentials between services.
The Problem with Current Credential Migration
Today's method of transferring passwords and credentials between services is surprisingly primitive. As Nick Steele, Staff Product Manager at 1Password and FIDO Alliance co-chair (1Password is a sponsor of the TWiT network), points out, the industry standard remains exporting unencrypted CSV files – a process that's both insecure and unreliable. This becomes particularly problematic when users switch devices or want to share credentials with family members using different password managers.
The Scale of the Solution
The numbers are staggering: approximately 12 billion online accounts can now be accessed with Passkeys. Major players like Google (800 million users), Microsoft (all MSN users), and Apple (1.5 billion users) have already implemented passkey support. This widespread adoption makes the need for standardized portability more crucial than ever.
Two Critical Components
The FIDO Alliance's solution involves two key specifications:
- Credential Exchange Protocol (CXP): Defines how credentials can be securely moved between services
- Credential Exchange Format (CXF): Standardizes how credentials should be formatted and stored
This dual approach ensures both secure transfer and consistent data interpretation across different platforms and services.
Industry Collaboration
What's particularly noteworthy is the level of cooperation between typically competitive companies. Apple, Google, and major password managers like 1Password and Bitwarden are all working together through the FIDO Alliance to make this happen. David Turner, Senior Technical Director of Standards Development at FIDO Alliance, emphasizes that this collaboration has been remarkably positive, with companies recognizing the collective benefit of standardization.
Beyond Basic Portability
The specifications go beyond simple credential transfer, addressing:
- Both online and offline scenarios
- Enterprise-specific flows with enhanced security measures
- Future support for digital credentials like mobile driver's licenses
- Regulatory compliance, particularly with EU digital wallet requirements
What's Next for Passkeys
While credential portability is a significant milestone, the FIDO Alliance acknowledges there's more work ahead. The next version of WebAuthn will introduce usability improvements, including:
- Passive enrollment of Passkeys
- Streamlined registration processes
- Enhanced support for high-security scenarios like banking
Getting Involved
For those interested in following these developments:
- Visit fidoalliance.org for official updates
- Follow key contributors on social media
- Provide feedback through FIDO's public GitHub repository
The Bottom Line
This initiative represents a crucial step toward making Passkeys a truly viable replacement for traditional passwords. By addressing the portability challenge, the FIDO Alliance is removing one of the last major barriers to widespread passkey adoption, potentially ushering in a new era of more secure and convenient digital authentication.
Subscribe to Tech News Weekly to stay current on tech news.