The War on Passwords Is One Step Closer to Being Over

You May Be Interested In:13 Deals on WIRED-Approved Gear at Walmart


The password-killing tech known as “passkeys” have proliferated over the last two years, developed by the tech industry association known as the FIDO Alliance as an easier and more secure authentication alternative. And although superseding any technology as entrenched as passwords is difficult, new features and resources launching this week are pushing passkeys toward a tipping point.

At the FIDO Alliance’s Authenticate conference in Carlsbad, California, on Monday, researchers are announcing two projects that will make passkeys easier for organizations to offer—and easier for everyone to use. One is a new technical specification called Credential Exchange Protocol (CXP) that will make passkeys portable between digital ecosystems, a feature that users have increasingly demanded. The other is a website, called Passkey Central, where developers and system administrators can find resources like metrics and implementation guides that make it easier to add support for passkeys on existing digital platforms.

“To me, both announcements are part of the broader story of the industry working together to stop our dependence on passwords,” Andrew Shikiar, CEO of the FIDO Alliance, told WIRED ahead of Monday’s announcements. “And when it comes to CXP, we have all these companies who are fierce competitors willing to collaborate on credential exchange.”

CXP comprises a set of draft specifications developed by the FIDO Alliance’s “Credential Provider Special Interest Group.” Development of technical standards can often be a fraught bureaucratic process, but the creation of CXP seems to have been positive and collaborative. Researchers from the password managers 1Password, Bitwarden, Dashlane, NordPass, and Enpass all worked on CXP, as did those from the identity providers Okta as well as Apple, Google, Microsoft, Samsung, and SK Telecom.

The specifications are significant for a few reasons. CXP was created for passkeys and is meant to address a longstanding criticism that passkeys could contribute to user lock-in by making it prohibitively difficult for people to move between operating system vendors and types of devices. In many ways, though, this problem already exists with passwords. Export features that allow you to move all of your passwords from one manager to another are often dangerously exposed and essentially just dump a list of all of your passwords into a plaintext file.

It’s gotten much easier to sync passkeys across your devices through a single password manager, but CXP aims to standardize the technical process for securely transferring them between platforms so users are free—and safe—to roam the digital landscape. Importantly, while CXP was designed with passkeys in mind, it is really a specification that can be adapted to securely exchange other secrets as well, including passwords or other types of data.

share Paylaş facebook pinterest whatsapp x print

Similar Content

Why It Matters That JD Vance's Financial Adviser Posted About Drug Use on Reddit for Years
Why It Matters That JD Vance’s Financial Adviser Posted About Drug Use on Reddit for Years
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
India-Australia Test series: How India's first Australia tour almost did not happen
India-Australia Test series: How India’s first Australia tour almost did not happen
'Taking revenge on society': Deadly Zhuhai car attack sparks questions in China
‘Taking revenge on society’: Deadly Zhuhai car attack sparks questions in China
Australian social media ban on under-16s approved by Senate
Australian social media ban on under-16s approved by Senate
The Best Black Friday Mattress Deals That Are Still Available
The Best Black Friday Mattress Deals That Are Still Available
24/7 Headlines | © 2024 | News