A draft of the 'Credential Exchange Protocol' that can securely transfer passkeys between different systems and a developer resource site 'Passkey Central' are published



The FIDO Alliance , an authentication technology standards organization, has drafted a new specification to enable the secure transfer of passkeys , a login method that can be used instead of passwords, between different systems. If the specification is realized, it will define a standard format for transferring authentication information between different systems.

FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys - FIDO Alliance
https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/

The FIDO Alliance Launches Comprehensive Web Resource to Accelerate Passkey Adoption - FIDO Alliance
https://fidoalliance.org/fido-alliance-launches-comprehensive-web-resource-to-accelerate-passkey-adoption/

According to the FIDO Alliance, until now there has been no standard for securely transmitting authentication information, and in many cases passwords or other authentication information was transmitted insecurely.

To improve this situation, the draft submitted by the FIDO Alliance includes a specification called the ' Credential Exchange Protocol ,' which defines how to use a secure transfer format when transferring authentication information between password management systems that handle passwords, passkeys, etc.

Once this specification is standardized, it will be open and can be implemented by any authentication provider, making the process of importing and exporting passkeys in the clear much more secure and allowing them to be transferred with appropriate protection.

1Password, a password management app that cooperates with the FIDO Alliance, has announced that it will develop an option to import and export passkeys based on the new specification.

At the time of writing, the FIDO Alliance is accepting feedback on the draft and will proceed with implementation based on the community's opinions.



At the same time, the website

Passkey Central has been launched to learn more about why and how to implement Passkey, providing resources for developers and business people looking to introduce Passkey to their companies to implement and introduce Passkey.

'Today, more than 12 billion online accounts are accessible with a passkey. Passkey sign-in reduces phishing attacks and eliminates authentication reuse, while making sign-in up to 75 percent faster and 20 percent more successful than password-only sign-in or password plus SMS one-time password combinations,' said the FIDO Alliance. 'It's important that users can choose their preferred credential management system and make the switch securely and frictionlessly.'



Related Posts:

in Security, Posted by log1p_kr