As passkeys have gained wider adoption since their introduction two years ago, managing them has been dependent on the manufacturer or password manager that created them. This becomes a tedious process when switching devices or platforms. The new specifications aim to address this issue.

For starters, a passkey is a newly developed digital security credential designed to replace passwords. It offers enhanced security and a seamless login experience without the need to remember or type in passwords. However, passkeys have a portability drawback, as they can only be synced across devices within the same password manager, such as Google Password Manager.

Now, in a press release, the FIDO Alliance, which includes members like Apple and Google, has announced new specifications to improve passkey usability. These specifications set the formats for the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF). They are still in draft form and subject to iterations before a definitive guideline is created. The major goal is to establish a new standard to make passkeys transferable.

Besides the BigTech companies, popular password managers such as Bitwarden and 1Password already announced backing of the specifications. 

How portable passkeys could be beneficial for users

This means that importing and exporting passkeys between different security platforms and managers should be supported, giving users more flexibility. Beyond passkeys, this will also be compatible with other credentials, including passwords.

There is some discussion that this portability could make passkeys more vulnerable to risks. However, the group emphasized that security keys and credentials remain secure and encrypted during transfer between platforms and devices. The drafts also highlight the development of a user authentication system while keeping passkeys portable.

The FIDO Alliance has not given an exact timeline for when the standard will be implemented by manufacturers. Apple, Samsung, and Google are among the major companies that first adopted passkeys in their devices. If the new standard is finalized, they are expected to support moving passkeys between their devices.

Have you been using passkeys on your device? Do you think making them portable will be useful? We’d love to hear your opinion in the comment section.

Recommended Posts