Password-removing technology known as “passkeys” has proliferated over the past two years, developed by the technology industry association known as the FIDO Alliance as an easier, more secure authentication alternative. And while it’s difficult to replace any technology as entrenched as passwords, new features and resources launching this week are taking passwords to a tipping point.
At the FIDO Alliance’s Authenticate conference in Carlsbad, California, on Monday, researchers announced two projects that will make passcodes easier for organizations to offer and easier for everyone to use. One is a new technical specification called Credential Exchange Protocol (CXP) that will make access keys portable across digital ecosystems, a feature that users have increasingly demanded. The other is a website, called Access key centerwhere developers and system administrators can find resources such as metrics and implementation guides that make it easy to add support for access keys to existing digital platforms.
“To me, both announcements are part of a broader story of the industry working together to stop our reliance on passwords,” Andrew Shikiar, executive director of the FIDO Alliance, told WIRED ahead of Monday’s announcements. “And when it comes to CXP, we have all these companies that are fierce competitors willing to collaborate on credential sharing.”
CXP comprises a set of draft specifications developed by the FIDO Alliance’s “Credential Providers Special Interest Group.” The development of technical standards can often be a complicated bureaucratic process, but the creation of CXP appears to have been positive and collaborative. Researchers from password managers 1Password, Bitwarden, Dashlane, NordPass and Enpass worked at CXP, as did those from identity providers Okta, Apple, Google, Microsoft, Samsung and SK Telecom.
Specifications are important for several reasons. CXP was created for passcodes and is intended to address a long-standing criticism that passcodes could contribute to user lock-in by making it prohibitively difficult for people to move between operating system vendors and device types. However, in many ways this problem already exists with passwords. Export features that allow you to move all your passwords from one administrator to another are often dangerously exposed and essentially just download a list of all your passwords in a plain text file.
It’s become much easier to sync passkeys between your devices through a single password manager, but CXP aims to standardize the technical process to securely transfer them between platforms so that users are free and safe to roam the landscape. digital. Importantly, while CXP was designed with access keys in mind, it is actually a specification that can be adapted to securely exchange other secrets, including passwords or other types of data.
