4 Minutes
Passkeys were supposed to make logging in painless. In one sense, they did. They are faster, safer, and far less annoying than passwords. But they came with a catch that many users only notice when it is already too late: once your passkeys are set up inside one ecosystem, moving them elsewhere can feel like starting over from zero.
That may soon change on Android. A hidden version of Google Password Manager uncovered by Android Authority shows that Google is working on passkey import and export support, a feature that could remove one of the biggest barriers holding passkeys back from wider adoption.
The discovery is more than a mockup. According to the report, the interface is functional, not just buried code or unfinished design. Existing password settings inside Google Password Manager appear to be evolving to handle passkeys too, which suggests Google is building portability directly into the same experience Android users already know. It is not available publicly yet, but the groundwork looks real.
The part nobody liked about passkeys
For all their security benefits, passkeys have had an awkward weakness. They sync neatly across your own devices if you stay inside the same platform. Leave that platform, though, and the convenience disappears fast. Switch from Google Password Manager to Bitwarden, for example, or move to another ecosystem, and you are often forced to revisit every account and register a fresh passkey one by one. That is not just tedious. It is exactly the kind of friction that pushes people back toward old habits.
The new import and export flow on Android appears designed to solve that headache in one move. Instead of manually resetting credentials site by site, users would be able to transfer passkeys between supported password managers through a dedicated system prompt. Android Authority says it tested the feature with Bitwarden, and the transfer worked.
Under the hood, the system uses the Credential Exchange Protocol, or CXP, a standard backed by the FIDO Alliance. That matters because passkey portability is only useful if it remains secure. CXP is meant to let credentials move safely between trusted apps without exposing them in the process.
Google also seems to be building in a hard stop for unsafe transfers. If an app does not meet the required security standards, the export can be blocked altogether. The warning message is blunt: export blocked for your protection. That kind of safeguard is likely to be essential if Google wants users to trust moving sensitive login credentials between services.
The timing makes sense. Apple has already rolled out passkey portability in iOS 26 and macOS 26, while services such as Bitwarden and 1Password have moved ahead with support as well. Google has publicly backed CXP for some time, so Android catching up feels less like a surprise and more like an overdue next step.
There is a broader angle here too. Google has spent months pushing passkeys as the future of authentication, often positioning them as the default replacement for passwords. That vision gets a lot more convincing if users are not locked into a single password manager forever. Once Google enables passkey export on Android, other services in the ecosystem, including options like Samsung Pass, could potentially plug into the same framework.
No release date has been announced. Still, if this feature ships as expected, it could quietly become one of the most important Android security upgrades of the year. Not flashy. Not loud. Just genuinely useful.
Leave a Comment