ExpressVPN Launches ExpressKeys Upgrade with Secure Sharing, Passkey Support, and Independent Audit
What Happened — ExpressVPN announced a major upgrade to its standalone password manager, ExpressKeys, adding secure credential sharing, native passkey support, and cross‑device sync. The new version also passed an independent security audit confirming its encryption and data‑handling practices.
Why It Matters for Compliance & Audit Readiness
- The enhancements map directly to SOC 2 CC6.1 (Credential Management) and CC6.2 (Secure Transmission), giving organizations concrete evidence of strong access‑control practices.
- An independent audit provides verifiable proof that can be attached to your SOC 2 evidence repository, reducing the effort needed during a readiness assessment.
- Secure sharing and passkey functionality help meet the “least‑privilege” and “secure authentication” principles required by many regulatory frameworks (e.g., GDPR, CCPA).
Who Is Affected – SaaS providers, enterprises, and any organization that relies on password managers for privileged credential storage across the tech, finance, and professional services sectors.
Recommended Actions –
- Map ExpressKeys controls to SOC 2 CC6.1/CC6.2 in your control matrix.
- Collect the audit report as part of your continuous‑compliance evidence library.
- Update your credential‑management policy to include passkey usage and secure sharing guidelines.
- Conduct a brief security‑awareness session on the new sharing workflow.
Source: ZDNet Security
Technical Notes – The upgrade introduces FIDO2‑compatible passkeys, end‑to‑end AES‑256 encryption for vault data, and a zero‑knowledge architecture verified by an external audit. No CVEs or vulnerabilities are disclosed. Source: same as above