This document discusses passkey providers and enabling credential portability. It notes there are different types of passkeys like synced, local device, and security keys. It also discusses credential providers and the need for an export/import process that is encrypted with a common data format to allow secure portability between providers. The document proposes standards for a secure credential exchange format and protocol to enable this kind of migration between passkey and credential providers.

1. © FIDO Alliance 2024
1 © FIDO Alliance 2024 Confidential
1
Passkey Providers and
Enabling Portability
Rew Islam, Dashlane

2. © FIDO Alliance 2024
2
Rew Islam
Dashlane
Co-chair of the FIDO Credential Provider
Special Interest Group
FIDO Board Member representative
Working on all things passwordless

3. © FIDO Alliance 2024
3

4. © FIDO Alliance 2024
4
Chat:
BadActor6324: Hey
InnocentVictim234: Hello
BadActor6324: Do you want a free upgrade?
InnocentVictim234: Errr… ok… why not…
BadActor6324: Try this, it works! https://www-
roblox.com/upgrade
InnocentVictim234: Lemme try…

5. © FIDO Alliance 2024
5

6. © FIDO Alliance 2024
6
roblox.com
www-roblox.com
😱 😭

7. © FIDO Alliance 2024
7
7
✅ No shared secrets
✅ Origin binding
✅ Universal availability

8. © FIDO Alliance 2024
8

9. © FIDO Alliance 2024
9
Flavours of passkeys 🍦
Synced passkeys Local device passkeys Security Keys

10. © FIDO Alliance 2024
10
Flavours of passkeys 🍦
Synced passkeys Local device passkeys Security Keys
Third party providers
iCloud Keychain
Google Password
Manager
Windows Hello
(Chrome on macOS)
Yubikeys
Thales SafeNet keys
Google Titan keys

11. © FIDO Alliance 2024
11
Credential providers Platform vendors Security keys
Passkey providers 📦

12. © FIDO Alliance 2024
12
Platform pluggability
iOS, macOS (Safari)
Android
Browser extensions
Chrome
Firefox
Edge

13. © FIDO Alliance 2024
13
Export Import

14. © FIDO Alliance 2024
14

15. © FIDO Alliance 2024
15
All credential providers allow export/import of passwords
⚠️ Export file is in plaintext
⚠️ No agreed format
⚠️ No support for synced passkey export today
Credential portability today

16. © FIDO Alliance 2024
16
⏺ Accommodate both consumer and enterprise use cases
⏺ Export must be encrypted
⏺ Common data format
Enterprise
Consumer
Design goals

17. © FIDO Alliance 2024
17
Inspired by
Diffie–Hellman
key exchange
Secret Secret

18. © FIDO Alliance 2024
18
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
Import from
1Password
Another device…
Dashlane
9:42 🔋📶
Do you want to export
your passwords ?
Export
Skip
9:42 🔋📶
Your passwords and
passkeys were imported
successfully!
Close
1 2 3 4

19. © FIDO Alliance 2024
19
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
Import from
1Password
Another device…
Dashlane
⏺ Export encrypted ✅
⏺ Common data format ✅
⏺ Accommodates enterprise use cases ✅
Secure credential portability standards

20. © FIDO Alliance 2024
20
Exchange Data
Format
Credential
Exchange Protocol
Secure credential portability standards

21. © FIDO Alliance 2024
21
21
Phishing Passkey flavours
&
provider
landscape
Secure
migration
Wrap up…
🍦
🍦
🍦

22. © FIDO Alliance 2024
22 © FIDO Alliance 2024 Confidential
22
Questions & Answers

23. © FIDO Alliance 2024
23 © FIDO Alliance 2024 Confidential
23
Thank you