What’s actually happening here
Google is testing a built-in way to move passkeys in and out of its Password Manager on Android, according to a new report that managed to activate the hidden feature on a live device.Inside Google Password Manager’s settings, the usual “Import passwords” and “Export passwords” options are quietly getting upgraded to “Import passwords and passkeys” and “Export passwords and passkeys.” You pick a supported password manager (Bitwarden showed up in testing) and move your stored items over without starting from scratch.
Prompts for exporting passwords and passkeys on Android. | Images by Android Authority
The tech making this possible
This isn’t a brand new idea. We covered the groundwork back when the FIDO Alliance first announced it would be possible, in our coverage of a universal way to move passkeys across services. The technology underneath is called the Credential Exchange Protocol, or CXP, and it’s what makes the secure handoff between apps actually work.
Google has not flipped the switch publicly yet, so there’s no timeline. The feature also only works with password managers that support CXP, but the backers include heavy hitters like Google, Apple, Samsung, and Bitwarden, so most users will be covered.
Why Google is showing up late to its own party
Apple already shipped this exact capability with iOS 26 and macOS 26 last year. iPhone users have been moving their passkeys to Bitwarden, 1Password, or any other CXP-compatible manager for months now.Android users have been stuck. You could create passkeys and sync them across your own Google devices; however, leaving Google Password Manager meant deleting them and starting over on the new app. That’s not portability, that’s a soft form of lock-in dressed up as security.
This is also the company that built Android, the platform passkeys were supposed to make easier. Watching Apple ship the portability piece first, on a closed ecosystem famous for not playing nice with anyone, is not a great look.
What this really means for the rest of us
Passkeys are sold as the future of logins, and on paper they absolutely are. They’re phishing-resistant, they tie to your biometrics, and they fix the “I reused the same password for six years” problem most people quietly live with.I still lean on Google Authenticator for most of my secure logins, so I haven’t hit the passkey portability wall myself. It’s become very evident, however, that this has been one of the loudest complaints from people who went all in on passkeys early. You don’t truly own a credential if you can’t take it with you.
If Google ships this, it stops being a marketing line and starts being a real feature. That’s the version of passkeys I’d actually be willing to switch to.
Want more hot takes and behind-the-scenes coverage? Follow me on X at https://www.x.com/jojothetechie and Threads at https://www.threads.com/@jojothetechie.
