The days of exporting passwords as CSVs are over, thanks to CXF files for passkeys

by · Android Police

Key Takeaways

  • FIDO Alliance introduces a new protocol and format, called CXP and CXF, for secure password and passkey transfers.
  • Passkeys are more secure than passwords, but difficult to transfer, while CSV files are notoriously vulnerable.
  • New protocols enable encryption & secure transfer of passkeys and passwords between password management providers.

It doesn't matter how secure your passwords are when you export them as a CSV file. That's the point where they can be intercepted and stolen. This has been the only way to export passwords, until now. A new protocol, called CXP, and a new format, CXF, have arrived to make password transfers secure and seamless.

The new set of specifications was announced by the FIDO Alliance to enhance security and the user experience (via Dashlane Blog). The new specifications, known as Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will allow for standardization across the password protection industry.

The FIDO Alliance brought us passkeys

Sanuj Bhatia

The FIDO Alliance, a consortium of major players in the industry, including Google, Apple, Microsoft, and 1Password, is all about finding ways to make technology more secure. It brought us passkeys in 2022.

Passkeys are a passwordless method for logging in to your accounts. They use a pair of cryptographic keys, one public and one private. The private key is kept on your device, and only you can use it when prompted, which usually takes either a fingerprint scan or a face ID. The public key is stored on the site you want to log in to. If the private key and the public key match, you're let in.

Many places use passkeys now, as they are infinitely more secure than passwords. But one of the biggest issues holding back passkeys is how difficult they are to transfer. FIDO has removed a major obstacle with this new protocol.

Here's how the new protocol works

Passkeys, and any regular old passwords you use, can be encrypted in a CXF file. Then, using the new CXP (based on Hybrid Public Key Encryption, or HPKE), the file can be securely transferred. This means if you want to move your passwords and passkeys from one password manager to another, you can do it without worrying about security or compatibility issues.
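To make the HPKE idea concrete, here is an added example (not code from the FIDO specifications or from any password manager) of the pattern HPKE is built on: the exporting manager encrypts the bundle to the importing manager's public key, so an intercepted file is unreadable. It is a simplified sketch, not RFC 9180 compliant and not the CXP/CXF message format; the function names, the context label and the sample bundle are hypothetical.

```javascript
// Added illustration: HPKE-style sealing (ephemeral X25519 + HKDF-SHA256 + AES-256-GCM).
// Not RFC 9180 wire-compatible and not the CXP/CXF message format.
const nodeCrypto = require('node:crypto');

const INFO = Buffer.from('example-credential-export'); // constructed context label

// Derive a 32-byte AES key from the ECDH shared secret, salted with the ephemeral public key.
function deriveKey(sharedSecret, ephPubDer) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', sharedSecret, ephPubDer, INFO, 32));
}

// Exporter side: encrypt the bundle so only the holder of the importer's private key can read it.
function seal(importerPublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per export
  const ephPubDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = nodeCrypto.diffieHellman({ privateKey: eph.privateKey, publicKey: importerPublicKey });
  const key = deriveKey(shared, ephPubDer);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ephPubDer, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Importer side: recompute the same key from its private key and the sender's ephemeral public key.
function open(importerPrivateKey, msg) {
  const ephPub = nodeCrypto.createPublicKey({ key: msg.ephPubDer, format: 'der', type: 'spki' });
  const shared = nodeCrypto.diffieHellman({ privateKey: importerPrivateKey, publicKey: ephPub });
  const key = deriveKey(shared, msg.ephPubDer);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]); // throws if tampered
}

// Constructed sample bundle; a CSV export would put these fields on disk in plaintext.
const bundle = Buffer.from(JSON.stringify([
  { site: 'example.com', username: 'alice', password: 'constructed-sample-1' },
]));

// Run one export and report what the importer and a party with a different key can do with it.
function demo() {
  const importer = nodeCrypto.generateKeyPairSync('x25519');  // destination manager
  const bystander = nodeCrypto.generateKeyPairSync('x25519'); // any other party
  const msg = seal(importer.publicKey, bundle);
  const roundTrip = open(importer.privateKey, msg).equals(bundle);
  const leaks = msg.ciphertext.includes('constructed-sample-1');
  let wrongKeyRejected = false;
  try { open(bystander.privateKey, msg); } catch { wrongKeyRejected = true; }
  return { roundTrip, leaks, wrongKeyRejected };
}
```

Calling `demo()` returns whether the importer recovered the bundle, whether the sample password is visible in the ciphertext, and whether decryption with a different private key was rejected.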

The new specifications are currently in a working draft phase. They are open to community review and feedback. They'll be available for all password managers to implement once the protocols are finalized, and we can finally get some security with our accounts.