How to Transfer Passkeys Between Different Password Managers?
You created your first passkeys six months ago. Life felt simpler. No more forgotten passwords. No more reset emails. Then you decided to switch password managers and discovered a frustrating truth. Your passkeys stayed behind. Unlike passwords, passkeys do not move with a simple CSV export file.
The landscape has changed dramatically since Apple, Google, Bitwarden, and Dashlane started rolling out real solutions in late 2025 and early 2026. The FIDO Alliance published new standards called the Credential Exchange Format and Credential Exchange Protocol. Major password managers now support direct app to app transfers.
This post walks you through every available method to move your passkeys from one password manager to another. You will learn which tools work today, which ones are still catching up, and how to handle accounts when direct transfers are not yet possible. Read on and free your passkeys.
Key Takeaways
- The FIDO Alliance Credential Exchange Format (CXF) now lets you move passkeys directly between supported password managers. Apple, Bitwarden, Dashlane, and 1Password all support this standard on iOS 26 and macOS 26. No CSV files. No plaintext risks.
- Dashlane and Bitwarden lead the pack as of early 2026. Both support direct passkey import and export on Apple devices and Android. 1Password supports export via Credential Exchange on iOS and Android but its desktop apps still lack this function.
- Google Password Manager and Microsoft still lag behind. Google is developing passkey transfer features but has not launched them widely. Expect progress through 2026.
- For password managers without Credential Exchange support, you can manually recreate passkeys one account at a time. This method works for every service and every manager. It takes effort but guarantees success.
- Always keep at least two passkeys active on critical accounts during a migration. This safety net prevents lockouts if something goes wrong during the transfer.
Why Moving Passkeys Is Harder Than Moving Passwords
Passwords are text strings. You type them. You copy them. You export them to a CSV file. A password manager reads that file and imports every entry. Passkeys work differently. Each passkey contains a private key that stays on your device and a public key that sits on the service’s server.
When you sign in, your device proves it holds the private key without ever sending it across the internet. This design makes passkeys phishing resistant and far more secure than passwords.
The security comes with a tradeoff. Passkeys are not simple text. You cannot copy and paste a private key. You cannot add it to a spreadsheet. For several years after passkeys launched, no universal format existed to package a passkey for export.
Every password manager stored passkeys in its own proprietary way. If you wanted to leave, your passkeys stayed locked inside. This created vendor lock in, exactly what the passwordless movement promised to eliminate.
The industry heard the complaints. In late 2023, 1Password, Dashlane, Bitwarden, and NordPass began collaborating on a solution. The FIDO Alliance formalized their work into two draft specifications. Apple became the first major platform to build these specs directly into an operating system with iOS 26 and macOS 26. The wall is finally coming down.
What Are CXP and CXF? A Simple Explanation
The FIDO Alliance introduced two standards to solve the passkey portability problem. The Credential Exchange Format (CXF) defines how passkeys get packaged for transfer. Think of CXF as a universal shipping box. No matter which password manager packs the box, any other manager that understands CXF can unpack it.
CXF uses a standardized JSON structure that includes the public key credential data, any associated usernames, website addresses, and notes. The format also supports passwords, TOTP codes, credit card details, and secure notes. CXF reached Review Draft status in March 2025 and is nearing final approval as a formal standard.
The Credential Exchange Protocol (CXP) defines how the shipping box travels between apps. CXP encrypts the CXF package end to end using Hybrid Public Key Encryption. It ensures no third party can read your passkey data during the transfer.
CXP matters most when moving credentials between different devices or over a network. For same device transfers on Apple platforms, the operating system handles the secure handoff directly. CXP remains a Working Draft with a target finalization in early 2026.
Together these two standards give you a safe and standardized way to move passkeys. Apple adopted CXF for same device transfers in its September 2025 OS releases. Dashlane added Android support in February 2026. The ecosystem is expanding month by month.
Which Password Managers Support Passkey Transfer Today
The support map changes quickly. As of May 2026, here is the current state of play. Apple Passwords supports exporting passkeys to third party apps on iOS 26, iPadOS 26, and macOS 26. You select your entries, choose a destination app, authenticate, and the transfer happens. Apple Passwords does not yet support importing passkeys from third party apps, only exporting them.
Bitwarden supports both import and export of passkeys via Credential Exchange on Apple devices. Its desktop and browser extension exports include passkeys inside JSON formatted vault exports. This gives you a backup path even without Credential Exchange on desktop. Bitwarden also supports Android import and export through its latest app updates.
Dashlane released Credential Exchange on iOS in September 2025 and on Android in February 2026. It supports importing from Apple Passwords, 1Password, Bitwarden, and any other app that uses the FIDO standard. Dashlane was one of the first to implement CXP on Android.
1Password supports Credential Exchange for exporting passkeys on iOS and Android. On the desktop side, 1Password’s CSV and 1PUX export formats still exclude passkeys for security reasons. The company has committed to full support and helped author the FIDO standards. Cross platform desktop support is expected but has no confirmed release date.
Google Password Manager is developing passkey import and export features. Code references appeared in early 2025. As of early 2026 the feature has not launched publicly. Google is a contributor to the CXF specification and will likely ship support during 2026.
NordPass and Keeper support passkey storage and usage but have not yet added Credential Exchange import or export. You can export passwords as CSV or JSON but passkeys remain locked inside each app for now.
Method One: Direct Transfer Using Credential Exchange on Apple Devices
This is the cleanest method available today. It works on any iPhone, iPad, or Mac running iOS 26, iPadOS 26, or macOS 26. Both the sending and receiving apps must support the Credential Exchange standard.
Start by updating both password manager apps to their latest versions. Open your source password manager. On Apple Passwords, tap the three dot menu and choose Export Data to Another App.
Select the items you want to transfer. Passkeys appear alongside passwords in the item list. Confirm your selection and tap Continue. Apple displays a summary of what will be exported. Read it carefully.
Next you choose your destination app. Only apps that support Credential Exchange appear in this list. As of May 2026 this includes Bitwarden, Dashlane, and 1Password. Tap your chosen app and authenticate with Touch ID, Face ID, or your device passcode. The transfer happens instantly. Your passkeys copy over rather than move. The originals remain in the source app unless you delete them manually.
Switch to the destination app and verify the import. Look for all your passkeys in the vault. Test one or two on their respective websites to confirm they work. Delete the duplicates from the source app only after you confirm everything transferred correctly.
Method Two: Direct Transfer Using Credential Exchange on Android
Android support arrived later but is now available on devices running Android 10 or later with updated Google Play Services. Dashlane launched the first Android implementation in February 2026. Other managers are following.
The Android flow starts from the receiving app rather than the sending app. Open Dashlane or your chosen destination. Navigate to the vault section. Tap Add New and select Import Multiple Items. Choose From Another Password Manager. The app scans for other installed password managers that support Credential Exchange. Select your source app from the list.
Follow the on screen prompts. You may need to authenticate in both apps. The transfer uses the CXP protocol to encrypt your passkeys during the move. Once complete your passkeys appear in the new vault ready to use.
Test a few passkeys immediately. One common Android specific issue involves passkeys that need an internet connection during transfer. If a passkey fails to import check your connection and try again.
Method Three: Exporting Bitwarden Vault JSON with Passkeys
Bitwarden offers a unique fallback that no other major password manager currently provides. When you export your vault as an unencrypted JSON or a password protected JSON file, passkeys travel with the rest of your data. This method works on desktop and mobile. It provides a backup route when Credential Exchange is not available.
Open the Bitwarden app and go to Settings. Choose Vault then Export Vault. Select the JSON format. Enter your master password. Save the file to a secure location on your device. This file contains your passkey private keys in a machine readable format.
Pros of this method. It gives you full control over your passkey data. You can keep an offline backup. You can import the JSON into a new Bitwarden account if you ever lose access to your original one. The file format includes passwords, passkeys, TOTP seeds, credit cards, and notes.
Cons of this method. The export file is not encrypted unless you choose the password protected option. Anyone who gains access to the file can extract your private keys. You must delete the file securely after using it. This method only works for Bitwarden to Bitwarden transfers or migrations to another manager that can parse Bitwarden’s specific JSON structure.
Method Four: The Manual Passkey Recreation Strategy
This method works for every password manager, every platform, and every service. It does not rely on any export standard. The tradeoff is time and effort. You will recreate each passkey inside your new password manager one account at a time.
Start by opening your current password manager. Filter the list to show only entries with saved passkeys. Open the first entry and note which website or service it belongs to. Log in to that service using your existing passkey. Navigate to the account security or sign in settings page. Look for an option labeled Add Passkey or Create Passkey.
Your browser or device will prompt you to save the new passkey. Choose your new password manager as the storage location. Complete the creation process. Most services allow multiple passkeys on a single account. You now have two passkeys active, one in the old manager and one in the new.
Repeat this process for every passkey entry. Once all passkeys exist in the new manager, log out of each service and test the sign in flow using only the new passkey. After confirming everything works, return to each service and delete the old passkey from the security settings page. This removes the old credential and leaves only the new one.
The Pros and Cons of Manual Recreation
Pros. This method works universally. It does not depend on any standard or software version. Every password manager that supports passkey creation can receive passkeys this way. You stay in full control throughout the process. You can audit each account as you go and clean up old security settings. The new passkeys are native to the new manager with no conversion or compatibility issues.
Cons. Manual recreation takes considerable time if you have many passkeys. A user with thirty or forty passkey protected accounts could spend hours clicking through security settings. Some services limit the number of passkeys per account. If a service only allows one passkey at a time you must delete the old one before creating the new one.
Despite the drawbacks, manual recreation remains the most reliable fallback method. It guarantees success when automated transfers fail or when your chosen password manager does not yet support Credential Exchange.
How to Create Multiple Passkeys as a Safety Net
A smart migration strategy includes redundancy. Before you start any transfer process, create a second passkey on a different device or manager for your most critical accounts. Email, banking, cloud storage, and social media accounts sit at the top of this list.
Sign in to each critical account. Go to the security settings. Add a new passkey and save it to a hardware security key like a YubiKey or to a completely separate password manager. This backup passkey lives independently of your migration. If something goes wrong during the transfer you always have a way back in.
Hardware security keys offer the strongest isolation. A YubiKey 5 series key can store up to 25 resident passkeys on the device itself. No cloud sync. No app dependency. If your password manager migration fails catastrophically your YubiKey passkeys still work. The downside is the limited storage. Reserve hardware keys for your ten or fifteen most vital accounts.
Handling Services That Limit Passkey Creation
Not every website plays nice with multiple passkeys. Some services allow only one active passkey at a time. A few do not expose passkey management settings to users at all. You encounter these limitations most often with financial institutions, government portals, and older enterprise systems.
For services with a one passkey limit, plan a quick swap. Log in using your existing passkey. Delete it from the service. Immediately create a new passkey and save it to your new password manager. Test the new passkey right away. Keep a backup authentication method active during this swap, such as a TOTP code or SMS code. This backup ensures you can recover access if the new passkey fails to register properly.
For services that hide passkey management entirely, contact customer support. Explain that you want to register a new passkey for your account. Some providers can reset passkey settings on their end and let you enroll again. Others may not support passkey changes at all after initial setup. You learn quickly which services prioritize user control and which do not.
What to Do If Your Password Manager Does Not Support Passkey Export Yet
Several popular password managers still do not support Credential Exchange. NordPass, Keeper, RoboForm, and many browser based managers like Google Password Manager are working on support but have not shipped it. If you use one of these you have two practical paths forward.
Path one is patience. Check your password manager’s release notes and blog regularly. The FIDO standards are public and many companies have committed to implementing them. Google Password Manager shows strong signs of near term support given Google’s active role in the CXF specification. Setting a calendar reminder to check back each month keeps you informed without constant manual research.
Path two is manual recreation as described earlier. Start with your most important passkeys and work down the list. Consider this an opportunity to audit your accounts. You can enable passkeys on services you previously skipped. You can delete old accounts you no longer use. A manual migration often becomes a digital spring cleaning session.
Backing Up Passkeys After a Successful Transfer
You moved your passkeys. Now protect them against future lockouts. A good backup strategy for passkeys involves three layers. Start with an exported file if your new password manager supports it. Bitwarden’s JSON export includes passkeys. Save this file to an encrypted USB drive stored in a safe physical location. Update the backup every few months or after you add important new passkeys.
The second layer is a hardware security key. Register backup passkeys on a YubiKey or similar device for your email account, password manager account, and any other single point of failure account. Store the hardware key in a separate physical location from your primary devices.
The third layer is your password manager’s own emergency access or family sharing feature. Bitwarden offers Emergency Access that grants a trusted contact access to your vault after a waiting period. 1Password has a similar Emergency Kit plus family sharing. Configure these features so a trusted person can help you recover access if you lose all your devices.
The Privacy Advantage of Direct Transfers Over CSV Files
Before Credential Exchange existed the only way to move any credentials was a CSV export. CSV files store everything in plaintext. Usernames, passwords, website addresses, and notes all sit in one readable file.
Anyone with access to your device can open the file and read every credential. Malware that scans your downloads folder finds these files immediately. Cloud sync services might upload them to servers you do not control.
Credential Exchange eliminates every one of these risks. The transfer happens directly between two apps. No file touches your storage. The data moves in an encrypted channel. On Apple devices the operating system manages the handoff and enforces authentication before any transfer begins. On Android the CXP protocol encrypts the package end to end with HPKE encryption. Even if someone intercepts the data stream they cannot read its contents.
This privacy advantage matters most for passkeys because a leaked passkey private key gives an attacker total access to your account. The passkey bypasses all second factor checks. Keeping passkey private keys off your file system and out of plaintext exports is a fundamental security requirement. Direct app to app transfer is the only method that fully honors that requirement.
The Current Limitations and Gaps in Passkey Portability
The passkey portability story in 2026 is much better than in 2024 but several gaps remain. Cross platform transfers from Apple to Android or vice versa still lack universal support. Apple Passwords exports passkeys but cannot import them from non Apple sources yet. Google Password Manager cannot export passkeys at all in public releases. 1Password supports export on mobile but not on desktop.
WiFi credentials do not transfer through Credential Exchange on Apple devices. Bank account details sometimes import as Secure Notes instead of structured entries. Some custom fields and file attachments get left behind during transfers. Passkeys need an active internet connection to transfer on certain platforms.
The biggest gap sits with enterprise and government accounts. Many corporate identity systems disable credential export entirely. If your work Microsoft account uses passkeys through Microsoft Authenticator you likely cannot move those anywhere. This is by design for security reasons but it creates real friction for people who change jobs or switch devices.
The Future of Passkey Portability
The trajectory points toward full interoperability. The FIDO Alliance expects CXP to reach final standard status in 2026. Google and Microsoft will almost certainly ship Credential Exchange support this year given their active participation in the specification process. As more providers adopt the standards, the gaps described above will close.
The standards also extend beyond passkeys. The CXF format defines types for passwords, TOTP secrets, notes, and credit card details. Future versions may add support for government issued identity documents and mobile driver’s licenses. One standardized exchange mechanism could eventually handle all your digital credentials.
For now the practical advice is simple. Choose a password manager that already supports Credential Exchange if you value portability. Bitwarden and Dashlane lead this category in early 2026.
Keep backup passkeys on a hardware security key for your most critical accounts. Check the support status of your password manager every few months. The passkey ecosystem moves fast and the next update might unlock the feature you have been waiting for.
Frequently Asked Questions
Can I copy a passkey from one device to another without a password manager?
No. Passkeys store private keys inside a secure enclave or password manager vault. You cannot copy the raw private key through any operating system function. You must either use Credential Exchange to transfer passkeys between apps or register new passkeys on each device individually.
Do I lose my passkeys if I delete my password manager account?
Yes unless you transfer or recreate them first. Deleting your password manager account destroys the encrypted vault on the provider’s servers. Any passkeys stored only in that vault become permanently inaccessible. Always transfer your passkeys or register backup passkeys before closing an account.
How many passkeys can I register on a single account?
Most consumer services allow multiple passkeys per account. Google, Microsoft, GitHub, and Amazon all support several active passkeys simultaneously. Some services limit users to one. Check the security settings page on each service to see your options.
Will Credential Exchange work between Apple and Windows computers?
Not fully in May 2026. Apple supports Credential Exchange on iOS and macOS but not yet with Windows apps. You can export passkeys from Apple Passwords to a third party app on Mac and then sync that app’s vault to the same app on Windows. The sync happens through the third party password manager’s cloud service, not through Credential Exchange directly.
Are passkeys backed up automatically when I back up my phone?
It depends on your platform. Apple iCloud Keychain backs up passkeys as part of its encrypted sync service. Restoring an iCloud backup on a new device restores passkeys. Android backups through Google One include passkeys stored in Google Password Manager. Third party password managers handle their own backups through their cloud sync services.
Hi, I’m Yuri — I’m a tech enthusiast who loves breaking down complex gadgets, software, and tools into simple, honest reviews and guides. My goal? To help you spend less time researching and more time enjoying the right tech.
