News: 0175252261


New Passkey Specifications Will Let Users Import and Export Them (9to5mac.com)

(Monday October 14, 2024 @11:30PM (BeauHD) from the user-friendlier dept.)


9to5Mac's Filipe Esposito reports:

> Passkeys were introduced two years ago, and they replace traditional passwords with more secure authentication using a security key or biometrics. To make the technology even better, the FIDO Alliance published on Monday new specifications for passkeys, which ensure a way to let users import and export them. Currently, there's no secure way to move passkeys between different password managers. For example, if you've stored a specific passkey in Apple's Passwords app, you can't simply move it to 1Password, or vice versa. But that will change soon.

>

> As [1]just announced by the FIDO Alliance, the new specifications aim to promote user choice by [2]offering a way to import and export passkeys. The draft of the new specifications establishes the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) formats for transferring not only passkeys, but other types of credentials will also be supported. The new formats are encrypted, which ensures that credentials remain secure during the process. For comparison, most password managers currently rely on CSV files to import and export credentials, which is much less secure.



[1] https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/

[2] https://9to5mac.com/2024/10/14/new-passkeys-import-export/



Good and bad (Score:4, Insightful)

by NotEmmanuelGoldstein ( 6423622 )

> ... import and export them.

The inability to copy passkeys was originally touted as a benefit. Unfortunately, that means there always needs to be a less secure means of authentication because hardware-based authentication must be replaced, sooner or later. This fixes that problem, returning us to all the old problems with authentication technology.

> ... formats for transferring not only passkeys, but other types of credentials ...

We've had TOTP for 12 years, why did it take so long to make a necessary and much-needed inter-change standard?

Re: (Score:2)

by ctilsie242 ( 4841247 )

TOTP, as in Google Authenticator, does have the ability to do backups, as it is just a shared secret. Most PW managers allow easy export and backups of that.

PassKeys, on the other hand, are public/private keys. Unlike TOTP, where the hashing is symmetric, the security with PassKeys is public key. It also is highly resistant against [1]phishing attempts [apple.com]. Normally they are bound to devices and can't get backed up. However, some apps like 1Password can back those up and allow them to work on different hardwar

[1] https://support.apple.com/en-us/102195#:~:text=Passkeys%20are%20a%20standard-based,there%20are%20no%20shared%20secrets.

Re: (Score:2)

by ls671 ( 1122017 )

What could possibly go wrong indeed?

Re: (Score:2)

by Cobalt Jacket ( 611660 )

"Non-exportable passkeys" are pretty simple: Use a YubiKey. The 5C NFC works on pretty much everything, and in most cases, is indistinguishable from a software passkey.

Less Secure (Score:2)

by Sir Realist ( 1391555 )

"...CSV files to import and export credentials, which is much less secure."

I was trying to come up with a joke, but I got nothin funnier than that titan of an understatement.

Re: (Score:2)

by jddj ( 1085169 )

...or alternatively in raw SQL";DROP TABLE passkeys;

Now maybe Apple will quit badgering me... (Score:2)

by jddj ( 1085169 )

...to turn on iCloud keychain, which I #donotwant
