FIDO Alliance Unveils New Draft Specifications for Secure Credential Exchange
The FIDO Alliance, a global industry association dedicated to eliminating the world’s reliance on passwords, today announced a major step towards enhancing the passkey user experience. In a move to promote greater user choice and flexibility, the Alliance has released draft specifications designed to standardize the secure exchange of passkeys and other credentials between providers.
The new specifications—Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF)—define a standardized method for transferring credentials securely. “Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear,” notes the FIDO Alliance, emphasizing the importance of these advancements in credential security. By ensuring that credential transfers are encrypted and secure by default, FIDO aims to eliminate the risks associated with traditional methods, making it safer for users to switch between credential management platforms.
The specifications are a result of collaboration within the FIDO Alliance’s Credential Provider Special Interest Group, which includes industry leaders such as 1Password, Apple, Bitwarden, Google, Microsoft, and others. “The FIDO Alliance extends a special thank you to its members…for driving and contributing to this important specification,” the Alliance states, highlighting the collective effort behind this major milestone.
One of the key drivers behind the development of these specifications is the growing adoption of passkeys, with more than 12 billion online accounts now accessible via passkeys. As FIDO points out, “sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS OTP.” The rise in passkey adoption underscores the need for a standardized, secure method to transfer credentials, ensuring users have a seamless experience when switching providers.
While the draft specifications are not yet finalized, FIDO encourages community feedback. The working drafts are available for public review, with the Alliance stating that “Drafts are expected to be updated and published for public review often until the specifications are approved for implementation.” This collaborative approach is intended to refine the standards and ensure they meet the needs of both providers and users.