Passkeys make moving to Android harder, but not for long


With all relevant operating systems now natively supporting passkeys, companies have been increasingly adopting them as an alternative to passwords. Relying on passkeys minimizes the risk of getting hacked, as users don’t have access to their cryptographic keys, and intercepting them is significantly more challenging. However, those switching between different service providers may prefer traditional passwords, as there’s currently no easy way to import or export passkeys. To minimize the friction separating distinct platforms, the FIDO Alliance is working on a solution that makes moving passkeys between them a breeze.

The FIDO Alliance has published (via Neowin) a working draft encompassing specifications that would make moving passkeys between providers possible. When implemented, users would be able to securely import and export their passkeys, making switching platforms less challenging. The press release reads:

FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager including passwords, passkeys, and more to another provider in a manner that ensures transfers are not made in the clear and are secure by default.

When an Apple user creates a passkey on iOS, for example, they can access it on iPadOS and macOS — thanks to iCloud sync. However, if they switch to Android, they’ll need to manually create a new passkey for each website on the new phone, as Apple doesn’t offer an Android client for its Passwords app. This makes moving between different password managers or operating systems more troubling and further locks users in.

The new specifications for moving passkeys should come into effect through future software updates. Until then, you could rely on a cross-platform password manager to access your passkeys on all your devices and avoid being limited to a single company’s products.



Source link