"Passkeys are pretty great. The tech is solid, based on well-established, secure cryptographic principles, and the ease of use is through the roof compared to remembering traditional passwords. In case you are not in the know, the passkey paradigm has you generating a secure private key that you keep locally on your device and a corresponding public key that you give out to websites/services/apps you want to log into. Once you actually want to log in, all you need to do is authenticate on your device securely through something like a biometric lock (fingerprint, Face ID) to "prove" that you own a certain public key."
"There is a potential catch, though - what if you change the device your private key is stored on, like your phone breaks or you just get a new one? There has to be a convenient and secure way to transfer that private key instead of having to generate a new pair and send out the public key again all over the place. Indeed, there is. It is called the Credential Exchange Protocol (CXP), and it is a developing industry standard championed by the FIDO Alliance."
"If you use an iOS 26 or macOS 26 device or one of the bigger password managers out there, notably Bitwarden and 1Password, then you already have access to CXP and passkey migration from one device to another. Despite being among the CXP backers, Google has yet to officially implement CXP into Google Password Manager and, by extension, Android itself."
"Well, our colleagues over at Android Authority managed to activate a still hidden interface within Google Password Manager that allows both importing and exporting passkeys. This is important since on Android devices, CXP transfer relies on Google Play Services and the Google Password Manager to actually shuffle keys between providers. So, this proves that the"
Passkeys rely on secure cryptographic principles and remove the need to remember and type passwords. A private key is generated and stored locally on a device, while a corresponding public key is shared with websites, services, or apps for authentication. Logging in requires securely authenticating on the device, such as using biometrics, to prove ownership of the public key. When a device changes, passkey migration must transfer the private key without forcing regeneration and re-registration. The Credential Exchange Protocol (CXP) provides this migration mechanism and is promoted by the FIDO Alliance. iOS 26, macOS 26, and major password managers like Bitwarden and 1Password already support CXP, while Google’s implementation in Google Password Manager and Android has not been officially released. Android Authority found a hidden interface in Google Password Manager that enables importing and exporting passkeys, indicating that Android’s migration path depends on Google Play Services and Google Password Manager.
#passkeys #credential-exchange-protocol-cxp #device-migration #fido-alliance #google-password-manager
Read at GSMArena.com
Unable to calculate read time
Collection
[
|
...
]