FIDO’s New Specifications Allow Secure Transfers Without Passkey Lock-In

Passkeys are set to revolutionize the authentication landscape, likely replacing traditional passwords altogether. The benefits they present are significant. To begin with, passkeys remove the hassle of creating and remembering passwords. Each passkey is exclusive to a specific website or application, meaning that no single passkey can provide access across multiple services. This design greatly improves security and makes passkeys highly resistant to phishing attacks.

In recent years, leading tech giants have fully embraced the passkey standard for user authentication. Companies like Microsoft, Google, Apple, and Meta have integrated passkey authentication into their offerings. Currently, more than 12 billion online accounts can be accessed using passkeys.

The FIDO Alliance has recently unveiled a draft of new specifications aimed at facilitating the seamless transfer of passkeys and credentials across different service providers. At the moment, transitioning a passkey from an iOS device to an Android device is not possible due to a lack of support for passkey exchange between Apple and Google.

Once these proposed specifications are adopted by credential providers such as Apple and Google, users will benefit from enhanced interoperability, empowering them to choose their preferred credential management systems while securely transferring their passkeys.

In a press release regarding the introduction of these specifications for secure passkey transfer, the FIDO Alliance asserted:

The FIDO Alliance pointed out that these draft specifications are currently open for public review and feedback and are not designed for immediate implementation, as modifications may occur based on the insights gathered. For further details, you can explore the specifications on the FIDO Alliance website.

Source