Oct. 15 (Portaltic/EP) –
The FIDO Alliance is working on a new option that will allow users securely transfer your access keys between different credential management services, as is the case of 1Password, Apple, Google, Microsoft or Samsung, among others.
The body in charge of managing the passwordless login standard continues to develop new options for offer the user an improved experience with the use of access keys or ‘passkeys’. Specifically, adding a function with which will facilitate the possibility of choosing which services to use for managing access codes at all times.
In this sense, the FIDO Alliance has indicated that it is working on a new set of specifications that, once adopted by credential providers, will allow the secure exchange of access keys between these services, so that users can go to use your credentials on any management platform with an open ecosystem.
As the organization has pointed out in a statementthis is an option designed to promote the user’s choice between the different credential management services, as well as to “reduce technical barriers” in relation to access codes.
“It is essential that users can choose the credential management platform of their choice and switch credential providers securely and seamlessly,” The organization has ruled, while pointing out that, until now, these credential provider changes have been made in an unencrypted way, endangering the security of user credentials.
To offer this exchange safely, the organization has published a draft working with the new set of specificationswhich has been the result of the “commitment and collaboration” of the FIDO Alliance Credential Providers Special Interest Group.
Specifically, this group is made up of representatives of the services 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and SK TelecomTherefore, users will be able to change their credentials between these services securely.
With all this, the preliminary specifications for the secure exchange of access keys included in the draft are based on a Credential Exchange Protocol (CXP) and in a Credential Exchange Format (CXF).
As explained by the organization, these guidelines define a standard format for transferring credentials from one administrator to another provider, including passwords and passkeys, in a way that “ensures that transfers are clear-cut and secure by default.”
Thus, once these specifications are standardized, they will be available for credential providers to implement in their services, so that users can get a safe experience if they decide to change services. However, for now, the specifications are open in draft so that suppliers can make comments and correct errors.
Likewise, the FIDO Alliance has recalled that, currently, more than 12 billion online accounts can be accessed with access codes. In this framework, he stressed that this new option of Credential sharing is useful to help further accelerate the adoption of ‘passkeys’, something relevant given that they help reduce the risks of cyberattacks such as ‘phishing’ and eliminate the reuse of credentials.
In fact, as the organization has pointed out, access codes make users logins are up to 75 percent faster and 20 percent more successful than passwordsincluding passwords with two-factor login.
Add Comment