A draft of the 'Credential Exchange Protocol' that can securely transfer passkeys between different systems and a developer resource site 'Passkey Central' are published
FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys - FIDO Alliance
https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/
The FIDO Alliance Launches Comprehensive Web Resource to Accelerate Passkey Adoption - FIDO Alliance
https://fidoalliance.org/fido-alliance-launches-comprehensive-web-resource-to-accelerate-passkey-adoption/
According to the FIDO Alliance, until now there has been no standard for securely transmitting authentication information, and in many cases passwords or other authentication information was transmitted insecurely.
To improve this situation, the draft submitted by the FIDO Alliance includes a specification called the ' Credential Exchange Protocol ,' which defines how to use a secure transfer format when transferring authentication information between password management systems that handle passwords, passkeys, etc.
Once this specification is standardized, it will be open and can be implemented by any authentication provider, making the process of importing and exporting passkeys in the clear much more secure and allowing them to be transferred with appropriate protection.
1Password, a password management app that cooperates with the FIDO Alliance, has announced that it will develop an option to import and export passkeys based on the new specification.
At the time of writing, the FIDO Alliance is accepting feedback on the draft and will proceed with implementation based on the community's opinions.
At the same time, the website
'Today, more than 12 billion online accounts are accessible with a passkey. Passkey sign-in reduces phishing attacks and eliminates authentication reuse, while making sign-in up to 75 percent faster and 20 percent more successful than password-only sign-in or password plus SMS one-time password combinations,' said the FIDO Alliance. 'It's important that users can choose their preferred credential management system and make the switch securely and frictionlessly.'
Related Posts:
in Security, Posted by log1p_kr