In the realm of smartphone users, the process of transferring digital credentials between different management apps has long been a tedious and insecure task. Typically, this involves exporting a vault into a plaintext CSV file, leaving sensitive information vulnerable. However, a new technical standard is revolutionizing the way data moves between platforms. Dashlane has recently introduced the implementation of the FIDO Alliance’s Credential Exchange (CX) specifications for Android.
This groundbreaking development aims to eliminate the risks associated with file exports by establishing a direct, encrypted transfer protocol between applications. Unlike the traditional method of exporting a vault as a plaintext CSV file, which exposes passwords, notes, and credit card numbers, this new system reduces the chances of local data theft during a transition.
The transition towards this innovative protocol is a response to the evolving needs of the industry. Passkeys, which are cryptographic credentials, offer a higher level of security compared to conventional passwords. These credentials are tied to specific hardware or encrypted environments, making it impossible to copy them into a basic spreadsheet for manual transfer.
The Credential Exchange protocol facilitates a secure “handshake” between two apps, enabling the seamless transfer of complex credentials without compromising their cryptographic integrity. This ensures that users who have embraced passwordless logins are not restricted to a single provider due to the lack of a secure way to export their keys.
While this technology is now live on the Dashlane app for Android, there is a common challenge that needs to be addressed in the industry: interoperability. For a direct transfer to be successful, both the sending and receiving apps must support the same FIDO standard. At present, several major players, such as Google Password Manager and other popular third-party managers, are in the process of incorporating these specifications. Once they catch up, users will be able to leverage this infrastructure for a secure transition. Until then, the less secure traditional CSV method remains the only option in certain cases.
In conclusion, Dashlane has taken a significant step by becoming the first password manager to implement the FIDO Credential Exchange on Android. This move signifies a shift towards a more secure and efficient method of transferring digital credentials between apps, paving the way for enhanced data protection and user convenience in the digital realm.