How to Move from Chrome or Apple Passwords to a Real Vault

Your Chrome passwords are one Google-account-loss away from gone. Apple Passwords doesn't share well outside the Apple ecosystem. Here is the step-by-step way to export from either, and import every entry into SecureKeep — a vault designed for the family, not the browser.

The most popular password manager in the world is Chrome. The second most popular is Apple Passwords. Most of the people using them don't think of them as password managers at all — they think of them as "the thing that fills in my password automatically."

That works fine until the day it doesn't.

The day a Google account gets locked, or a Mac gets reset, or a non-Apple family member needs the Wi-Fi password, or a phone falls in the pool the week before vacation. The browser-based password store is excellent at autofill. It is not designed to be the place your family looks when they need access to your accounts. It was built to be invisible — and invisibility is the wrong property for a digital legacy.

If you've decided to move your passwords from a browser into a real vault, this is the guide. Both Chrome (which covers Edge and Brave too — they share the same export format) and Apple Passwords are supported by SecureKeep's CSV import.

The whole switch takes about a minute once your CSV is in front of you.

What You'll Need

  • A computer signed into the browser or system you're exporting from. Mobile-only export is not supported by either source.
  • SecureKeep installed on your phone. iOS or Android. The CSV import lives in Settings → Tools → Import from CSV, or as the Import CSV button at the top of the credentials list.

That's it.

Step 1A — Export from Chrome (or Edge, or Brave)

Chrome, Edge, and Brave all use the same Chromium-based password export. The path is essentially identical.

In Chrome:

  1. Type chrome://password-manager/settings into the address bar.
  2. Find Export passwords and click Download file.
  3. Re-enter your computer's login password (Chrome uses your OS password to authorize the export).
  4. Save the file. It downloads as something like Chrome Passwords.csv.

In Edge:

  1. Type edge://wallet/passwords into the address bar.
  2. Click the three-dot menu near the top of the passwords list.
  3. Choose Export passwords.
  4. Re-enter your OS password.
  5. Save the file (Microsoft Edge Passwords.csv).

In Brave:

  1. Type brave://settings/passwords into the address bar.
  2. Click the three-dot menu next to Saved Passwords.
  3. Choose Export passwords.
  4. Re-enter your OS password.
  5. Save the file.

All three produce the same column structure: name, url, username, password, note. SecureKeep auto-detects this as the Chrome format and imports accordingly.

The file is plaintext. We'll deal with that in Step 4.

Step 1B — Export from Apple Passwords

Apple Passwords (the dedicated app introduced in iOS 18 / macOS Sequoia, formerly part of Safari and System Settings as iCloud Keychain) supports CSV export from the Mac.

On macOS Sequoia or later:

  1. Open the Passwords app.
  2. Authenticate with Touch ID or your Mac's login password.
  3. From the menu bar, choose File → Export → Export All Passwords to File.
  4. Choose CSV format.
  5. Confirm the export warning.
  6. Save the file (Passwords.csv).

On older macOS (Safari-only Keychain access):

  1. Open Safari → Settings → Passwords.
  2. Click the more-options icon and choose Export All Passwords.
  3. Save the file as CSV.

On iOS / iPadOS: Apple Passwords on iOS doesn't currently expose a CSV export. Use the Mac to do the export, then move the CSV to your phone via AirDrop, iCloud Drive, or email-to-yourself.

The Apple Passwords CSV columns are: title, url, username, password, notes, and otpauth for any entries where you stored a verification-code seed in the app. SecureKeep's importer maps all of those.

Step 2 — Open SecureKeep and Tap "Import from CSV"

On your phone:

  1. Open SecureKeep and unlock your vault. (No vault yet? The first-run wizard walks you through creating one in about six minutes.)
  2. From the dashboard, tap Passwords, then tap the Import CSV button at the top of the list.
  3. The picker that opens is the standard iOS or Android files picker. Find the CSV you saved.

A note on a v3.0.0 design choice: the document picker is exempted from SecureKeep's lock-on-background protection. We added that exemption specifically because file-picking moves the app "to the background" from the OS's perspective, and we didn't want choosing your CSV to lock the vault and force you to start over. The exemption is narrow, scoped to known system pickers, and ends the moment the picker closes.

Step 3 — Review the Detected Format

SecureKeep auto-detects the format from the column headers.

  • Chrome / Edge / Brave is detected when columns name, url, username, password are present (without the Apple-specific title column).
  • Apple Passwords is detected when columns title, url, username, password are present.

You'll see a banner: "Detected format: Chrome" or "Detected format: Apple Passwords" along with the row counts.

Two things happen automatically:

  • Host-and-username deduplication. If you already have a credential for gmail.com with the same username, the importer skips the duplicate. Same hostname with a different username (your work and personal Gmail, for example) imports as a separate credential — exactly the behavior you want for family vaults.
  • TOTP secrets land in the right place. If you imported from Apple Passwords and you'd stored verification-code seeds in any entries, they come across as structured TOTP secrets in v3.0.0's structured 2FA. (Chrome doesn't store TOTP, so there's nothing to migrate from a Chrome export.)

Tap Import and confirm. The import is transactional and all-or-nothing: any failure rolls back the whole thing. No partial imports.
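The detection and deduplication rules above, sketched as an added example. This is not SecureKeep's code: the function names, the returned record layout and the sample rows are assumptions made for illustration, and column names are compared case-insensitively.

```python
import csv
import io
from urllib.parse import parse_qs, urlsplit

# Constructed sample exports; every value is made up.
CHROME_CSV = """name,url,username,password,note
Gmail,https://accounts.google.com/signin,alice@example.com,pw-1,
Gmail work,https://accounts.google.com/,alice@work.example,pw-2,work
Gmail again,https://accounts.google.com/v3/signin,alice@example.com,pw-3,
"""
APPLE_CSV = """Title,URL,Username,Password,Notes,OTPAuth
Example,https://example.com/login,bob,pw-4,,otpauth://totp/Example:bob?secret=JBSWY3DPEHPK3PXP&issuer=Example
"""

def detect_format(header):
    """Classify an export by its header row ('apple', 'chrome' or None)."""
    cols = {c.strip().lower() for c in header}
    if not {"url", "username", "password"} <= cols:
        return None
    if "title" in cols:
        return "apple"
    return "chrome" if "name" in cols else None

def totp_secret(uri):
    """Return the base32 secret from an otpauth:// URI, or None."""
    parts = urlsplit(uri or "")
    if parts.scheme != "otpauth":
        return None
    return parse_qs(parts.query).get("secret", [None])[0]

def plan_import(text, existing=()):
    """Return (format, rows_to_add, skipped); existing holds (host, username) pairs."""
    reader = csv.DictReader(io.StringIO(text))
    fmt = detect_format(reader.fieldnames or [])
    if fmt is None:
        raise ValueError("unrecognised export format")  # nothing is imported
    seen, added, skipped = set(existing), [], 0
    for raw in reader:
        row = {(k or "").strip().lower(): (v or "") for k, v in raw.items()}
        host = urlsplit(row["url"]).hostname or row["url"]
        if (host, row["username"]) in seen:
            skipped += 1  # same host and same username: duplicate
            continue
        seen.add((host, row["username"]))
        added.append({"label": row.get("title") or row.get("name", ""),
                      "host": host, "username": row["username"],
                      "password": row["password"],
                      "notes": row.get("notes") or row.get("note", ""),
                      "totp": totp_secret(row.get("otpauth"))})
    return fmt, added, skipped
```
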

Step 4 — Delete the CSV

The export from either source is plaintext. Don't leave it sitting in Downloads.

After the import succeeds:

  • Delete the CSV.
  • Empty Trash (macOS) or Recycle Bin (Windows). Files in the trash are still recoverable.
  • If you transferred the CSV to your phone via email-to-yourself or iCloud Drive, delete the email and the file in iCloud Drive.
  • If you use Time Machine, exclude the Downloads folder before the next backup, or remove the export before backup time.

The most common mistake people make moving off Chrome or Apple Passwords is leaving the CSV around afterward. SecureKeep can't reach into your computer to clean that up — only you can.
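A quick way to check that no export was left behind, as an added example (not part of SecureKeep). It flags any CSV whose header row carries the url, username and password columns both exports share, so renamed copies are caught too; the folder names in the final lines are assumed defaults.

```python
import csv
import tempfile
from pathlib import Path

REQUIRED = {"url", "username", "password"}

def looks_like_password_export(path):
    """True if the CSV header has the columns both export formats share."""
    try:
        with open(path, newline="", encoding="utf-8-sig", errors="replace") as fh:
            header = next(csv.reader(fh), [])
    except OSError:
        return False  # unreadable file: nothing to report
    return REQUIRED <= {c.strip().lower() for c in header}

def find_leftover_exports(*folders):
    """Return sorted paths of CSV files under the folders that look like exports."""
    hits = []
    for folder in folders:
        for path in Path(folder).expanduser().rglob("*.csv"):
            if path.is_file() and looks_like_password_export(path):
                hits.append(path)
    return sorted(hits)

def demo():
    """Scan a throwaway folder holding constructed files; returns the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Chrome Passwords.csv").write_text(
            "name,url,username,password,note\nx,https://example.com,u,p,\n")
        (root / "renamed.csv").write_text(
            "Title,URL,Username,Password,Notes,OTPAuth\n")
        (root / "expenses.csv").write_text("date,amount\n2024-01-01,3\n")
        return [p.name for p in find_leftover_exports(root)]

if __name__ == "__main__":
    # Assumed default locations; add wherever you saved or copied the export.
    for found in find_leftover_exports("~/Downloads", "~/Desktop"):
        print(found)
```
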

What Gets Imported, What Doesn't

From Chrome / Edge / Brave:

Browser CSV field    Imported into SecureKeep
-----------------    ------------------------
name                 Credential label
url                  URL
username             Username
password             Password
note (or notes)      Notes

Browsers don't store TOTP secrets, so there are no authenticator codes to migrate.

From Apple Passwords:

Apple CSV field      Imported into SecureKeep
---------------      ------------------------
title                Credential label
url                  URL
username             Username
password             Password
notes                Notes
otpauth              TOTP secret (structured 2FA)

What's not in either CSV at all:

  • Passkeys. Apple Passwords stores passkeys; Chrome stores passkeys; the CSV exports do not. Passkeys are device-bound credentials by design and don't migrate via CSV. This isn't a SecureKeep limitation — it's how passkeys are specified.
  • Wi-Fi passwords (Apple Passwords). Wi-Fi credentials live in iCloud Keychain but aren't part of the standard CSV. Add them to SecureKeep manually.
  • Family-shared passwords (Apple Passwords). Items that another family member shared with you appear in the export only if they were saved to your account.
  • Verification-code seeds in Chrome. Chrome doesn't have this concept, so there's nothing to migrate.

Why a Browser-Based Password Store Isn't Enough

Most people who use Chrome or Apple Passwords aren't choosing them as password managers — they're using whatever the browser offered. That's fine until the family-impact moment shows up:

Chrome is tied to a Google account. If the account is locked, suspended, or compromised, the entire password store is gone with it — or, worse, gone to whoever now has the account. Most users don't have a backup. Chrome's export is the only recovery path, and you only learn this when the account is already locked.

Apple Passwords is tied to the Apple ecosystem. Excellent within Apple, awkward outside it. A family member on Android cannot reach your Apple Passwords vault. A non-Apple device — borrowed laptop, work computer, hospital-room shared tablet — cannot autofill your stored credentials. For a family preparing for "if something happened to me," this is a real limit.

Neither was designed for legacy. Both store the credentials of the person logged into the browser or the iCloud account. Neither models multiple people, structured emergency information, family vaults, voice messages, or document attachments. Both are autofill products.

A real vault works for the family — not the browser. That's the angle SecureKeep is designed around.

After the Import — A Five-Minute Cleanup

  1. Open Password Health (Settings → Password Health) and look at reuse + age. Browser stores never run this audit; you'll see things you didn't realize were a problem.
  2. Set up your Emergency Card with medical information, contacts, insurance, and physician. The Emergency Card is the artifact most users open most often.
  3. Decide whether to keep using browser autofill. Many people run both for a transition period — SecureKeep for everything important, browser for low-value sites. Some people turn off the browser's password manager entirely once they've moved. Either is reasonable.
  4. If you turned off browser password storage: also clear the saved passwords in the browser to remove the stale plaintext copy. Chrome: chrome://password-manager/settings → Clear browsing data → Passwords. Edge / Brave: equivalent path. Apple Passwords: Passwords app → Settings → Delete All Saved Passwords.

Frequently Asked Questions

Is the CSV import secure? SecureKeep reads the CSV on your device, parses it in memory, and encrypts each credential with your vault's per-vault data encryption key (AES-256-GCM) before writing it to disk. Inside the app, the plaintext exists only in memory during the import; the exported file itself stays plaintext on disk until you delete it (Step 4).

Can I migrate passkeys? No — passkeys are device-bound by design and do not migrate via CSV. SecureKeep currently stores credentials and TOTP secrets, not passkeys.

Will my browser still autofill after the import? Yes — SecureKeep doesn't change anything in your browser. If you want to stop browser autofill, turn off the browser's password manager separately.

What if I'm exporting from an old Mac? Same Apple Passwords export path on macOS Sequoia and later. On older macOS, use Safari → Settings → Passwords → Export.

Can I export from iPhone directly? Not currently — Apple Passwords on iOS doesn't expose a CSV export. Use a Mac to do the export, then transfer the CSV to your phone (AirDrop, iCloud Drive, email-to-yourself) before the import.

Does the import overwrite existing credentials? No. Host-and-username dedupe preserves existing credentials. Only new ones are added.

Does this work for Brave? Yes — Brave is Chromium-based and uses the same CSV format as Chrome. The importer detects it as Chrome.


SecureKeep is a $7.99 one-time-purchase encrypted vault for iOS and Android. Multi-vault, emergency cards, voice messages, password health, CSV import from seven password managers — all encrypted locally, no cloud account required.