The War on Passwords: A Major Step Towards a Passwordless Future

The technology designed to eliminate passwords, known as “passkeys,” has gained popularity over the last two years. It was developed by the tech industry group called the FIDO Alliance as a more user-friendly and secure alternative for authentication. While replacing a deeply rooted system like passwords is a challenge, features and tools launched this week may be driving passkeys toward a significant breakthrough.

During the FIDO Alliance’s Authenticate Conference held in Carlsbad, California, researchers are unveiling two initiatives that aim to simplify the integration of passkeys for organizations and enhance user accessibility. One of these is a new technical specification called the Credential Exchange Protocol (CXP), which will allow passkeys to be transferred across different digital environments, a capability users have increasingly requested. The second initiative is a site named Passkey Central, where developers and system administrators can access resources such as metrics and implementation guides, facilitating the inclusion of passkeys in existing digital platforms.

“Both announcements reflect the industry’s collective effort to reduce our reliance on passwords,” stated Andrew Shikiar, CEO of the FIDO Alliance, in comments to WIRED prior to Monday’s announcements. “In the case of CXP, we see numerous companies, often fierce competitors, collaborating on credential exchange.”

The CXP consists of a series of preliminary specifications created by the FIDO Alliance’s “Credential Provider Special Interest Group.” The process of developing technical standards can sometimes be complex and bureaucratic, but the establishment of CXP appears to have fostered a positive and cooperative atmosphere. Contributors to CXP included researchers from well-known password management services like 1Password, Bitwarden, Dashlane, NordPass, and Enpass, along with representatives from identity providers such as Okta, as well as tech giants like Apple, Google, Microsoft, Samsung, and SK Telecom.

The specifications hold great importance for several reasons. CXP was designed specifically for passkeys, addressing a persistent criticism that using passkeys could lead to user lock-in, making it exceedingly challenging for individuals to transition between different operating system vendors and device types. This issue, to some extent, already exists with traditional passwords. Transfer features that allow for the migration of passwords from one manager to another sometimes present significant risks, often simply exporting all passwords into a plaintext file.

While it has become easier to synchronize passkeys across devices via a single password manager, CXP seeks to establish a standardized technical process for securely transferring them across platforms, enabling users to navigate the digital realm freely and safely. Notably, although CXP was primarily conceptualized for passkeys, it is a versatile specification that can also facilitate the secure exchange of other sensitive information, such as passwords or other types of data.

“Looking ahead, this could extend to mobile driver’s licenses or passports—any confidential information you wish to export to one system and import into another,” explains Christiaan Brand, identity and security group product manager at Google, in an interview with WIRED. “While we’ve addressed most of the foundational issues concerning passkeys, the prevalent negative feedback over the past year has focused on portability and the risk of vendor lock-in. With this initiative, we aim to demonstrate that passkeys are evolving.”

The initiative known as Passkey Central aims to further support the growth and development of the ecosystem. Product leaders or security experts seeking to implement passkeys for their users may need to justify the budget to executives. The FIDO Alliance is committed to assisting them in making that case—offering data and communication materials—and supporting the deployment with ready-made resources like implementation guides, user experience design standards, accessibility documentation, and troubleshooting advice.

“We’ve made significant strides with passkeys,” states FIDO’s Shikiar. “The usability and user experience are nearly perfected. However, we still have a checklist of improvements to tackle, with portability being a key feature. While the major brands across the globe have adopted passkeys at scale, many smaller companies are yet to begin their journey. Therefore, we aim to provide them with the resources and tools necessary for their success.”

Craig Newmark Philanthropies’ Cyber Civil Defense coalition is contributing funding to support the advancement of passkeys. In a recent interview with WIRED, prior to Monday’s announcements, Newmark expressed his belief that passkeys could significantly enhance both the digital security of individuals and overall internet safety.

“Many systems out there are susceptible to attacks,” Newmark notes. “It’s critical to complicate the process for malicious attackers to bypass password protections. Enhancing security across the board is essential, and passkeys are a vital component of that effort.”
