Currently, the technology of passkeys limits their presence in the software ecosystem of only one developer – as a result, users are forced to create duplicates of them to log into one system.
Access keys are the most successful attempt to date to rid humanity of traditional passwords; And now the technology industry is looking to fix one of the shortcomings of this solution by providing the ability to export and import access keys when moving them from one platform to another. The technology’s organization, the FIDO Alliance, announced a new initiative to “securely move access keys” between service providers and presented draft specifications for an updated protocol and access key data exchange.
«Secure sharing of credentials is a priority for the alliance because it can improve the user experience, but until now there has been no secure way to share this information between providers,” the organization said in a statement. Now users can create access keys using software solutions from Apple, Google and Microsoft, as well as password manager platforms. Ideally, it would be possible to sync the same set of keys across different platforms, but for now they are limited by each company’s software ecosystem, which means that you have to create duplicate keys to log into the same account.
This limitation is currently circumvented using QR codes, but the FIDO Alliance aims to ensure full interoperability by “eliminating any technical barriers” associated with passkey technology. “It is critical that users can choose their preferred credential management platform and securely change credential [system] providers without restrictions,” the organization said in a statement. The draft specification promises encrypted export and import of access keys, although in its current form it uses an unprotected plaintext CSV file; It is also expected to deploy tools that will prevent hackers from abusing the mechanisms for transferring access keys.
It will take some time for the FIDO Alliance to solidify the specifications and subsequently enable commercial deployment, but they will eventually be open and available for adoption by credential vendors so that users can change them securely and easily. The association accepts feedback on the draft specifications on the GitHub platform – 1Password, Bitwarden and Google have already contributed to the project.