The FIDO Alliance has published a working draft of a new set of specifications for secure credential exchange that, when standardized and implemented by credential providers, will enable users to securely move passkeys and all other credentials across providers. The specifications are the result of commitment and collaboration amongst members of the FIDO Alliance’s Credential Provider Special Interest Group including representatives from: 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and SK Telecom.
[…]
FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager including passwords, passkeys and more to another provide in a manner that ensures transfer are not made in the clear and are secure by default.
Once standardized, these specifications will be open and available for credential providers to implement so their users can have a secure and easy experience when and if they choose to change providers.
The working draft specifications are open to community review and feedback; they are not yet intended for implementation as the specifications may change. Those interested can read the working drafts here, and provide feedback on the Alliance’s GitHub repo. Drafts are expected to be updated and published for public review often until the specifications are approved for implementation.
[…]
So for all you authentication managers out there, it looks like a new standard will emerge soon. BTW it is very noticeable that LastPass is missing from the parties in the FIDO alliance.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft