The War on Passwords Is One Step Closer to Being Over

The password-killing technology known as “passkeys” has become popular over the past two years, promoted by a technology industry organization known as the FIDO Alliance as a simpler and more secure authentication method. And while displacing a technology as entrenched as passwords is difficult, new features and tools introduced this week are pushing passkeys toward the finish line.

At the FIDO Alliance’s Authentication Conference in Carlsbad, California, on Monday, researchers announced two projects that will make it easier for organizations to offer passkeys, and easier for everyone to use them. One is a new technical specification called the Credential Exchange Protocol (CXP), which will make passkeys portable across the digital ecosystem, a feature that users have frequently asked for. The other is a website, called Passkey Central, where developers and system administrators can find resources such as metrics and implementation guidelines that make it easier to add passkey support to existing digital platforms.

“To me, both announcements are part of a broader story of the industry working together to end our reliance on passwords,” Andrew Shikiar, CEO of the FIDO Alliance, told WIRED ahead of Monday’s announcements. “And when it comes to CXP, we have all these fiercely competitive companies that are willing to cooperate in sharing information.”

CXP includes a set of draft specifications developed by the “FIDO Provider Special Interest Group.” The development of technical standards can often be a cumbersome bureaucratic process, but the creation of the CXP appears to have been positive and collaborative. Researchers from password managers 1Password, Bitwarden, Dashlane, NordPass, and Enpass all worked on CXP, as did those from identity providers Okta and Apple, Google, Microsoft, Samsung, and SK Telecom.

The specifications are important for several reasons. CXP was created for passkeys and is intended to address the long-standing criticism that passkeys can contribute to user lock-in by making it more difficult for people to move between operating system vendors and device types. In many ways, however, this problem already exists with passwords. Export features that let you move all your passwords from one password manager to another are often dangerously exposed and essentially just dump a list of all your passwords into a plaintext file.

It has become easier to sync passwords across all your devices using a single password manager, but CXP aims to standardize the technical process for transferring them securely between platforms, so that users can move freely and safely across the digital landscape. Importantly, while CXP was designed with passkeys in mind, it is a specification that can be adapted to securely exchange other secrets, including passwords or other types of data.

