Passkey Lock-In Has Been the Hidden Dealbreaker
Passkeys promise a future beyond passwords, using cryptographic keys and device biometrics instead of memorised strings. Yet one problem has quietly stalled adoption: once you created passkeys in a particular password manager, you were effectively stuck there. Unlike traditional passwords, which export easily as text files, passkeys were tied to a specific ecosystem, making it painful to switch apps without recreating login credentials site by site. Even security-conscious users who liked the technology hesitated to commit, fearing they would lose access or be locked into a single vendor. Industry bodies such as the FIDO Alliance responded by defining standards for moving passkeys between apps securely. That work is now bearing fruit, and the emerging passkey import export ecosystem is starting to look much more like the familiar portability people expect from modern password managers.
Google Password Manager on Android Prepares Passkey Import and Export
Google is quietly testing new passkey management features inside Google Password Manager on Android. Hidden options uncovered in the app’s settings replace the current “Import passwords” and “Export passwords” entries with “Import passwords & passkeys” and “Export passwords & passkeys,” signalling full support for passkey import export workflows. Early testing shows the interface already works: when you tap to import, you’re prompted to select the password manager that currently stores your credentials. Export is more contextual; rather than a raw file dump, Android appears set to prompt you to transfer passkeys when you open another compatible password manager, letting Google’s system broker a secure exchange between apps. Because Android’s broader Credential Exchange Protocol support depends on Google Play Services and Google Password Manager, this interface is a key step toward letting users move passkeys between apps across the entire platform.
Apple Passwords Shows What Full Passkey Portability Looks Like
Apple’s built-in Passwords app already demonstrates how smooth passkey portability can be. On devices running the latest iOS and macOS releases, you can open Passwords, choose “Export Data to Another App,” and then select specific logins that contain passkeys or simply export everything. The system then presents a list of supported third-party password managers, such as 1Password and Bitwarden, and hands off the data securely. This import/export flow is powered by the same FIDO-backed standards that Google is now embracing, and it has been enough to convince some previously reluctant users to fully adopt passkeys. Knowing that you can move passkeys between apps without manually recreating each credential eliminates a major psychological and practical barrier. Apple’s implementation effectively serves as a real-world proof of concept for password manager portability, showing that vendor lock-in doesn’t have to be the price of stronger authentication.
Credential Exchange Protocol Brings Cross-Platform Passkey Freedom
Under the hood, this new flexibility is driven by the Credential Exchange Protocol (CXP), an emerging standard promoted by the FIDO Alliance. CXP defines how one password manager can securely hand off passkeys to another without exposing private keys or weakening security guarantees. Major players like Apple, Google, Bitwarden and 1Password are now aligning around this model, which means passkey migration can work consistently across different devices and apps. On Android, CXP-based transfers will rely on Google Play Services and Google Password Manager to route keys between providers, while Apple’s platforms already ship a working implementation inside the Passwords app. As more services integrate these passkey management features, moving accounts should feel less like starting from scratch and more like a routine migration—critical for people juggling multiple devices and ecosystems.
Why Passkey Portability Changes the Future of Authentication
Making it easy to move passkeys between apps removes one of the last big reasons to delay switching from passwords. When users can export passkeys from a built-in manager to a specialised app—or vice versa—without losing access, password manager portability starts to resemble what we already enjoy with email or files. That, in turn, encourages people to adopt passkeys more broadly, since there is no longer a long-term penalty for choosing the “wrong” app today. For providers, it raises the stakes: they can no longer rely on lock-in and must compete on usability, security extras and cross-platform sync. Combined with phishing resistance and biometric convenience, seamless passkey import export support could push passkeys from niche feature to default login method, finally realising the industry’s vision of safer, passwordless authentication that works across all your devices.
