Password-removing technology, known as “passkey,” was developed and proliferated over the past two years by a technology industry association known as the FIDO Alliance as an easier and more secure authentication alternative. It’s difficult to replace a technology as entrenched as passwords, but the new features and resources launching this week are pushing Password Key to a tipping point.
At the FIDO Alliance’s Authentication Conference in Carlsbad, California, on Monday, researchers announced two projects that will make it easier for organizations to provide passkeys and make them easier for everyone to use. One is a new technical specification called Credential Exchange Protocol (CXP) that allows cryptographic keys to be portable across digital ecosystems, a feature increasingly demanded by users. The other is a website like: Passkey Centraldevelopers and system administrators can find resources, such as metrics and implementation guides, to make it easier to add support for Passkey to existing digital platforms.
“To me, both announcements are part of a broader story of the industry working together to combat reliance on passwords,” Andrew Shikiar, CEO of the FIDO Alliance, told WIRED ahead of Monday’s announcement. “And when it comes to CXPs, there are all these fierce competitors willing to collaborate on credential exchanges.”
CXP consists of a series of draft specifications developed by the FIDO Alliance’s “Credential Provider Special Interest Group”. While developing technical standards can often be a laborious, bureaucratic process, the creation of a CXP appears to be a positive and collaborative process. Researchers from password managers 1Password, Bitwarden, Dashlane, NordPass, and Enpass have all worked on CXP, as have researchers from identity providers Okta, Apple, Google, Microsoft, Samsung, and SK Telecom.
Specifications are important for several reasons. CXP was created for cryptographic keys and is intended to address long-standing criticism that cryptographic keys can contribute to user lockout by making it incredibly difficult to move them between operating system vendors and device types. But in many ways, this problem already exists with passwords. The export function, which allows you to move all passwords from one administrator to another, is often dangerous and essentially dumps a list of all passwords into a plain text file.
A single password manager has made it easier than ever to synchronize password keys across multiple devices, but CXP aims to standardize the technological process for securely transferring passwords across platforms so that users can freely and safely roam their digital environments. The important thing is that although CXP was designed with cryptographic keys in mind, it is actually a specification that can be adapted to securely exchange other secrets as well, including passwords or other types of data.
