Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
ExpressVPN's upgrades to its password manager include passkey support and secure sharing.
The ExpressKeys upgrade has also passed an independent audit.
The improvements highlight a growing need for secure data sharing.
ExpressVPN has revealed significant upgrades to its password manager, ExpressKeys, with secure sharing and improved cross-device management for your most sensitive information.
Also: The best password managers: Expert tested
ExpressKeys: what you need to know
ExpressKeys is ExpressVPN's standalone password manager and secure vault. Password managers take the hassle out of remembering complex passwords and phrases, allowing you to store your credentials and other sensitive information. Strong encryption standards protect your data.
This February, ExpressVPN expanded beyond VPNs by introducing ExpressKeys for Android and iOS. On Thursday, the VPN provider said the latest update has introduced more advanced features to improve security, privacy, cross-platform usage, and the management of sensitive information.
Also: It's possible to switch password managers without losing a single login - and I'm proof
ExpressKeys' new features include:
Passkey support: You can now generate, store, and manage passkeys directly in the ExpressKey app -- providing support for passwordless authentication methods including fingerprint verification and FaceID.
Sensitive credential, data management, and imports: ExpressKeys now supports the FIDO Alliance's Credential Exchange standard, which requires that password managers offer a secure way to switch between services. Some products require vaults to be exported as plain-text files, which can pose a serious security risk to your online accounts and information. Instead, supporters must facilitate direct, encrypted transfers.
Secure item sharing: If you need to safely and securely share sensitive information stashed in your vault, such as login details, passwords, payment card details, or notes, you can use ExpressKeys to generate a link that you can control. You can set link usage timers, recipient verification requirements, and even an auto-destruct setting once it has been viewed. You can view active links and disable them at any time.
Physical card scanning: iOS users can now scan their physical payment cards and save the information directly in the app. An Android version will be rolled out in the future.
Recently Deleted: Sometimes we delete logins and sensitive information by accident, and we may have no way to recover it. ExpressKeys will now hold items you've removed from your vault -- such as passwords or notes -- for 30 days in a Recently Deleted folder.
User interface: The app's usability has been upgraded, with new color-coded passwords, expanded localization, and improved swipe gestures.
A new audit
Security and privacy updates in products are always great to hear, but unless they are backed by independent audits, you can't be sure the claims are trustworthy. With this in mind, security consultant Cure53 conducted an assessment of ExpressKeys and found no high- or critical-severity vulnerabilities. The latest audit brings ExpressVPN's total audit count to 28.
Also: LastPass hit by new data breach - 4 steps you should take now
Secure sharing: why does it matter?
The most significant upgrade here is the secure sharing and data management features.
Bruno Magalhaes, product engineering manager at ExpressVPN, said the update "gives people easier ways to move beyond traditional passwords, transfer their credentials, and share sensitive information with greater control."
It's not uncommon for individuals to share a password over email, text, or even social media in a pinch -- but this can open the door to theft, especially if the account is compromised. In a recent study conducted by ExpressVPN, football fans across six countries revealed that 18.6% of participants in the US have shared a sports content service password with someone else. While this alone might not be a major issue -- 65% of them also use the same password for other online accounts.
Also: ExpressVPN review: One of the fastest VPNs we've tested
Unless such sensitive information is shared securely, it's not just one account at risk; it is potentially multiple accounts. Not only that, but passwords shared over multiple platforms could end up being accidentally stored in the cloud, in chats, and more, rather than being securely held in an encrypted vault. With data breaches so common, securely sharing sensitive data across multiple platforms via methods such as secure links is paramount to reducing the risk of compromise.
There's also the FIDO Alliance's Credential Exchange standard to consider. Now that ExpressKeys adheres to this standard, transitioning from one password manager to another is safer. The last thing you want is your credentials and vault data exposed for all to see in a plain-text file.
How to try out ExpressKeys for yourself
You can download the app if you're interested in trying out ExpressVPN's password manager. The app is available on Android and iOS, or as a browser extension if you are already an ExpressVPN user. ExpressKeys is included in ExpressVPN Advanced and Pro plans.
View original source — ZDNet ↗


