Tech
FIDO Alliance Releases Draft Secure Credential Exchange Specifications | PYMNTS.com
The FIDO Alliance has released credential exchange protocols and a resource to promote the adoption of passkeys.
The new secure credential exchange specifications were published in a working draft and are open to community review and feedback; they are not yet intended for implementation, the open industry association said in a Monday (Oct. 14) press release.
When standardized and implemented by credential providers, they will enable users to securely move passkeys and other credentials across providers, according to the release.
Secure credential exchange can help accelerate passkey adoption and enhance the user experience, per the release.
“With this rising momentum, the FIDO Alliance is committed to enabling an open ecosystem, promoting user choice and reducing any technical barriers around passkeys,” the release said. “It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden.”
Another new offering from the FIDO Alliance is a web resource call Passkey Central that brings together actionable, data-driven content to help consumer service providers learn why and how to implement passkeys for consumer sign-ins.
Passkey Central includes an introduction to the technology, business considerations and metrics, internal and external communication materials, implementation strategies, user experience (UX) and design guidelines and troubleshooting, according to a Monday press release.
“The early adoption of passkeys has been remarkable and it is now time to help more service providers break their dependence on passwords,” FIDO Alliance CEO Andrew Shikiar said in the release. “Passkey Central will accelerate the use of passkeys by providing product leads and architects with independent and authoritative guidance on why and how to implement passkeys for their own website and services.”
Passkeys have emerged as a more secure alternative to traditional authentication methods, PYMNTS reported in April.
The passwordless technology was first introduced in 2022, is based on standards developed by the World Wide Web Consortium (W3C) and the FIDO Alliance, and has been championed by tech giants like Google, Apple, PayPal and eBay.
When the social media platform X announced the launch of passkeys as a login option for its U.S. iPhone users earlier this year, it said, “Since they are uniquely generated by your device, they are less vulnerable to security threats such as fraudulent, deceptive or unauthorized attacks.”