The FIDO alliance unveils CXP, a new standard which should make it possible to import and export passwords between different password managers. This solution is as secure as physical keys, while being much more practical!
Passwords are no longer a reliable protection system these days. Often too weak, reused on several sites and accounts, they can in fact be easily compromised after a successful phishing. Solutions have indeed been put in place to address these weaknesses, such as double authentication – which is not infallible – and password managers – which can be hacked – but the risks still exist, especially at this time. where pirates are showing more and more imagination.
It’s been a while since the Fast Identity Online (FIDO) alliance – a consortium of major technology companies, government agencies, service providers, financial institutions, payment processors and other industries, including Apple, Amazon, Microsoft, PayPal and Google – working on technology to eliminate the use of passwords: passkeys! And things are progressing at this level!
As she explains on his websitethe alliance has just developed a new standard allowing it to export and import its passkeys from one system to another: CXP (Credential Exchange Protocol). This is a file format that should make authentication keys more portable and improve compatibility between different platforms. Thus, passkeys will soon be able to be imported and exported between different password managers. A revolution!
By using passkeys, the user chooses a device – logically their smartphone – as the main authentication system on sites and applications. When registering or changing the connection method, the smartphone creates two encrypted keys: a public one which is sent to the service provider, and a private key which remains stored in the phone and will allow the website or The app authenticates it by unlocking the device via its smartphone authentication mechanism – PIN, pattern, facial recognition or fingerprint.
To simplify, instead of entering a password, just use the usual unlocking method on your main device. And that’s it! Note that the smartphone passkey can also be used to connect to a site via another device – such as your laptop. Simply scan the QR code displayed on the site with your smartphone.
CXP: a new standard for passkey portability
Many platforms such as Google, Apple, Microsoft and WhatsApp have already started to support passeskeys. However, an obstacle remains to their adoption. Until now, when we generate an access key, it is often linked to a particular device and is difficult to export in the event of a change of device or if we are juggling between several software ecosystems. But things should change very soon.
1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Otka, Samsung, and SK Telecom have joined forces to make the interoperability of their platforms possible. Thus, the CXP should make it possible to passkeys from the Apple password manager to that of Google, for example. A huge step towards cross-platform compatibility, which should allow passkeys to replace passwords. According to FIDO, more than 12 billion accounts are now secured using access keys. The freedom offered by the CXP standard should help convince the general public to adopt them and increase this figure very quickly.