Identity & Access

Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users

FIDO Alliance has published new specifications for securely moving passkeys across providers, as Amazon announced 175 million passkey users.

Passkey bypass

The FIDO Alliance this week published a working draft for a new set of specifications for securely moving passkeys and other credentials across providers.

The goal of the new secure credential exchange specifications is to further accelerate passkey adoption and enhance user experience. 

Companies such as 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and SK Telecom have contributed to the development of these specifications. 

The new specifications are named Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), and they define a standard format for transferring passkeys, passwords and other credentials from one credential management platform to another. 

“Once standardized, these specifications will be open and available for credential providers to implement so their users can have a secure and easy experience when and if they choose to change providers,” the FIDO Alliance said.

According to the FIDO Alliance, more than 12 billion online accounts are currently accessible with passkeys, which are not only easier to use because they enable log-ins with biometrics or a screen pattern, but are also more secure because they cannot be stolen through phishing attacks.

Advertisement. Scroll to continue reading.

Amazon also had some news related to passkeys this week: the tech giant announced that more than 175 million of its customers are already using passkeys.

The company announced support for passkeys last year. Currently, passkeys can be used to access Amazon accounts on browsers and mobile shopping applications, as well as for the Audible audiobook service. 

“And this is just the beginning – we plan to gradually roll out passkeys to other Amazon apps and services over the next year,” Amazon said. 

Related: Google Now Syncing Passkeys Across Desktop, Android Devices

Related: Microsoft Adding New Security Features to Windows 11

Related: Google Adds Passkey Support to New Titan Security Key 

Related Content

Artificial Intelligence

AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. 

Privacy

Amazon’s smart doorbell maker Ring has terminated a partnership with police surveillance tech company Flock Safety.

Nation-State

Data from Chainalysis and Amazon offers a glimpse into North Korea’s cyber activities surrounding cryptocurrency theft and fake IT workers.

Malware & Threats

After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.

Application Security

A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.

Vulnerabilities

Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days.

Identity & Access

Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security. 

Identity & Access

Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version