BERLIN: Passkeys, the user-friendly, passwordless login procedure touted as the successor to the passwords we still manually type in today, are getting a long-awaited feature.
Anyone who has set up a passkey on one device can now easily move it (in encrypted form) between different devices, operating systems or password managers.
To this end, the FIDO Alliance, which is responsible for the standard, has announced new specifications for the import and export of passkeys: the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).
Industry giants like Apple, Google, Microsoft and Samsung as well as manufacturers of password managers such as 1Password, Bitwarden, Dashlane, Enpass and NordPass are involved in the development of the specifications.
As such, broad software support for the import and export of passkeys across programmes and operating systems is to be expected.
How do passkeys work?
At the heart of passwordless authentication is public-key cryptography, which uses a pair of two keys. The private key is stored by the user. The other – public – key is stored by the service provider, in this case Google.
After creating a passkey for your Google account, for example, you can in future log in by simply selecting that passkey without having to provide a username and a password anymore.
To make sure only you can use the key, you will then be asked to unlock your device with a biometric check such as a fingerprint or facial recognition, a PIN code or a pattern, which you can use for all passwordless logins.
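The login described above can be modelled in a few lines of Node.js; this is an added sketch, not code from Google or the FIDO Alliance, and it simplifies the real WebAuthn message format. It goes one step beyond the text by showing the random challenge the service sends for each login, and all names and the origin `https://accounts.example` are assumptions made up for the illustration.

```javascript
// Added sketch: simplified passkey login model, not the WebAuthn wire format.
const nodeCrypto = require("crypto");
const ORIGIN = "https://accounts.example"; // hypothetical service origin

// Registration: the device creates the key pair and keeps the private key;
// the service stores only the public key.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  return { device: { privateKey }, server: { publicKey, pending: new Set() } };
}

// Service side: a fresh random challenge for every login attempt.
function newChallenge(server) {
  const challenge = nodeCrypto.randomBytes(32).toString("hex");
  server.pending.add(challenge);
  return challenge;
}

// Device side: signs only after the local unlock (fingerprint, face, PIN or
// pattern), modelled here as a boolean. The signature covers challenge and origin.
function signLogin(device, challenge, origin, userUnlocked) {
  if (!userUnlocked) throw new Error("device locked");
  const signed = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(signed), device.privateKey);
  return { signed, signature };
}

// Service side: check the signature with the stored public key, then the origin,
// then that the challenge is one it issued and has not been used before.
function verifyLogin(server, { signed, signature }) {
  if (!nodeCrypto.verify("sha256", Buffer.from(signed), server.publicKey, signature)) return false;
  const { challenge, origin } = JSON.parse(signed);
  if (origin !== ORIGIN) return false;      // signed for a different site
  return server.pending.delete(challenge);  // false if unknown or already used
}

// Constructed walk-through: one good login and three that the service rejects.
function demo() {
  const { device, server } = register();
  const good = signLogin(device, newChallenge(server), ORIGIN, true);
  const first = verifyLogin(server, good);
  const replay = verifyLogin(server, good); // same response sent twice
  const lookalike = verifyLogin(server, signLogin(device, newChallenge(server), "https://lookalike.example", true));
  const wrongKey = verifyLogin(server, signLogin(register().device, newChallenge(server), ORIGIN, true));
  return { first, replay, lookalike, wrongKey };
}
```

Because the service holds only the public key, a copy of its database gives nobody the means to sign a login.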
If you want to enable passkeys for your Google account, you have to enable the function in the account settings. In addition, your browser and, if needed, the operating system also have to support passkeys.
Google says "passkeys are intended to be used through operating system infrastructure that allows passkey managers to create, backup, and make passkeys available to the applications running on that operating system."
Android, Chrome, Windows and Apple iOS
Google has been developing the feature on Chrome for some time. The same applies to Android (from version 9), where the passkeys are stored in the Google Password Manager. The programme also allows you to synchronise your passkeys between different Android devices which are signed into the same Google account.
Passkeys are also supported by Microsoft for Windows and by Apple for macOS and iOS. Here, logging into your Google account becomes somewhat more complex, however.
Passkeys created on iOS devices or in Safari on macOS, for example, are stored in the iCloud keychain. Chrome used on Windows saves passkeys in Windows Hello. Passkeys created in Chrome on Android end up – as already mentioned – in the Google Password Manager.
Now, however, it is also possible to synchronise passkeys across devices and operating systems without difficulty. – dpa