Passkeys promise stronger security than passwords. Yet for years they trapped users inside one password manager. Google now appears ready to change that on Android devices.
Researchers at Android Authority activated a hidden interface inside Google Password Manager. The new options read “Import passwords & passkeys” and “Export passwords & passkeys.” They work. Users can soon shift credentials between apps without starting over.
But the rollout hasn’t begun. Google hasn’t flipped the switch for ordinary users. When it does, the change could reshape how people manage authentication across apps and even platforms.
Passkeys rely on public-key cryptography. Each site gets a unique key pair. The private key never leaves the device or synced storage. This design stops phishing cold. No shared secret exists for attackers to steal. Adoption has grown. Major sites support them. Still, one frustration persisted. Switch from Google Password Manager to Bitwarden or 1Password? In many cases you recreated every passkey by hand.
Apple fixed part of the problem. With recent iOS and macOS releases, users export passkeys to compatible third-party managers. Google lagged behind on Android despite leading passkey integration since 2022. The company syncs passkeys across signed-in devices through its manager. Cross-app movement stayed blocked. Until now.
Breaking the Lock-In
The mechanism draws from work by the FIDO Alliance. Last year the group published specifications for credential exchange. Companies including Google, Apple, and Samsung back the Credential Exchange Protocol, or CXP. It lets approved managers talk securely. Transfers happen only between trusted apps. Malicious ones get blocked.
In testing, the import flow asks which manager currently holds your credentials. Pick one from the list of installed supported apps. The system then pulls passwords, passkeys, and related data into Google Password Manager. Export works differently. No standalone button appears. Instead, opening another qualified manager triggers a prompt to transfer out. The process feels deliberate. Security checks run at each step.
Code in Google Play Services betas first hinted at this last year. Android Police reported on an APK teardown of version 25.13.31. References to import and export tools sat alongside warnings. One message reads: “Export blocked for your protection. The password manager you’re trying to export to doesn’t follow best practices.” Google takes no chances. Only compliant apps receive data.
Bitwarden appears in test screenshots. Other major managers that follow CXP should work too. The list remains small for now. Yet it covers the biggest names. Users who rely on 1Password, Proton Pass, or similar tools stand to gain flexibility.
And the timing matters. Passkey usage keeps climbing. Enterprises push them. Consumers grow tired of password resets. Google itself promotes automatic upgrades from passwords to passkeys on compatible sites. A May 2025 report from Android Police noted the feature rolling out. It converts credentials without explicit user permission in some cases. Convenience meets security. But only if users can take those new passkeys with them.
Portability questions extend beyond one phone. People switch ecosystems. Moving from Android to iPhone historically meant leaving passkeys behind or recreating them. Improved wireless transfer tools between the two platforms now handle apps, home screens, and files. Passwords travel too. Passkeys could follow once both sides support robust export. Google and Apple cooperate on some data migration. This feature advances that cooperation.
Security remains the priority. Passkeys stored in Google Password Manager use end-to-end encryption. Google cannot access the private keys. Device biometrics or PIN protect them. The new transfer system adds another layer. It verifies the destination manager meets standards before any data moves. No bulk export to random apps. The safeguards address fears that portability would weaken protection.
Experts at the FIDO Alliance have tracked this progress. Their specifications aim to give users choice without sacrificing safety. Google Play Services updates already contain direct references to passkey export and import tools. The infrastructure exists. Activation looks close.
Still, questions linger. When will Google release it publicly? Will every major password manager join the protocol quickly? How smooth will the experience feel outside lab conditions? The activated interface offers clues but not final answers. Screenshots from the test show clean flows. Selection screens list apps. Completion messages confirm success. Real-world performance could differ once millions of devices join in.
Third-party managers have waited for this. Many already support passkey creation and storage on Android if set as the default autofill service. Yet without easy migration, Google Password Manager enjoyed an advantage. Users hesitated to switch. The new tools remove that barrier. Choice expands. Competition improves. Everyone benefits.
Enterprise users watch closely too. Companies adopt passkeys for workforce authentication. They value centralized management. The ability to move credentials between approved solutions fits compliance needs. It reduces vendor lock-in at the authentication layer.
Google continues to refine its manager. Recent updates added PIN recovery options for passkeys. Sync now reaches Chrome on desktop. Automatic creation features nudge users toward passwordless logins. The import and export additions complete a broader push. Authentication grows more flexible while staying strict on security.
No one expects passwords to vanish overnight. Legacy systems remain. Many sites still require them. Yet the momentum builds. Each improvement in usability accelerates replacement. Passkeys work across phones, laptops, and browsers. They resist phishing better than any password. With transfer now possible, one of the last practical objections fades.
Android users stand at the edge of a practical upgrade. The code is written. The interface tested. Soon the option may appear in settings. When it does, check your installed managers. Make sure they meet the standards. Then move your credentials with confidence. The days of recreating passkeys could end faster than many predicted.
Recent coverage from TechRadar in April 2025 first highlighted the potential. Developments since then show steady progress. The feature isn’t science fiction anymore. It’s nearly here. And it could make passkeys truly practical for everyday users across the Android world.
Pingback: Google Opens Door For Passkey Transfers On Android - AWNews
Pingback: Google Opens Door For Passkey Transfers On Android - AWNews