Open authentication standards industry group FIDO Alliance has released a pair of specification drafts for Credential Exchange Protocol and Credential Exchange Format to advance the secure transfer of passkey across various providers and increase the adoption of cryptography-using authentication method, reports BleepingComputer.
While CXP details secure credential transfers via the Diffie-Hellman key exchange and hybrid public key encryption, CXF details a standard structure for such credential transfer, with JSON within ZIP being one of the proposed formats, according to FIDO Alliance, which created the drafts with the cooperation of its members and stakeholders, including Google, Bitwarden, NordPass, Dashlane, and 1Password. Organizations and other experts looking to aid in the development of both specifications have been urged to do so through the "fido-alliance / credential-exchange-feedback" GitHub page. While FIDO Alliance will continuously update the drafts to include newly added suggestions, it has yet to announce when both specifications will be finalized.
