Passkeys will soon be easy to transfer between different platforms and devices

Passkeys are going to take the place of standard passwords as the authentication method of the future. They have a number of benefits. They do away with the necessity of creating and remembering passwords, to start. A single passkey cannot be used to access more than one website or application because they are specific to each one. They become more secure and impervious to phishing efforts as a result.

All of the big internet companies have been using the passkey standard for authentication for the past few years. Passkey authentication is already supported by Microsoft, Google, Apple, Meta, and other companies in their goods and services. In reality, passkeys are currently used to access over 12 billion internet accounts.

A working draft of new specifications that will make it simple for users to transfer passkeys and other credentials across service providers was recently released by the FIDO Alliance. Currently, passkey exchange is not supported by Apple or Google, thus you cannot transfer a passkey made on an iOS device to an Android device.

Users will benefit from improved interoperability as credential providers like Apple and Google embrace these new guidelines. By safely transferring their passkeys, they can select the credential management platform of their choice. The Credential Provider Special Interest Group of the FIDO Alliance, comprising representatives from 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom, developed these specifications.

The FIDO Alliance announced the new specification for safe passkey transfer in a press release that said:

FIDO Alliance's draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager, including passwords, passkeys, and more, to another provider in a manner that ensures transfers are not made in the clear and are secure by default.

The FIDO Alliance made it clear that these working draft standards are meant to be reviewed and commented upon, not to be put into practice. This is because the specifications are subject to change in response to input.