Securely import and export passkeys
Until now, copying passkeys from a password manager has been too cumbersome – and, above all, insecure. The FIDO Alliance is now changing this.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
With a new specification, the FIDO Alliance wants to simplify the import and export of passkeys and make them more secure. Specifically, it is introducing the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF). Users can use them to copy their passkeys from one password manager to another in encrypted form without having to take the insecure detour via CSV files, as was previously the case. The specification should also be able to be used with other authentication information, including conventional passwords.
The working draft will be officially published on October 18. 1Password, among others, is closely involved in the development. According to the announcement, their software should support the new CXP and CXF as soon as possible. According to the working draft, Bitwarden, Dashlane, Google and NordPass also contributed to the new specification. The FIDO Alliance announcement also names Apple, Enpass, Microsoft, Okta, Samsung and TK Telekom. Although these companies themselves have not yet commented on the changes, the broad alliance promises that passkeys can soon be easily and securely copied between different providers.
Videos by heise
However, it is unclear when exactly the new specification will be ready. Once the working draft has been published, interested users will be able to provide feedback in a dedicated GitHub repository.
(fo)
