HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

ExpressVPN Launches ExpressKeys Upgrade with Secure Sharing, Passkey Support, and Independent Audit

ExpressVPN released a major update to its ExpressKeys password manager, adding secure sharing, native passkey support, and cross‑device sync, and the new version passed an independent security audit. This matters for SOC 2 readiness because the controls map to credential‑management criteria and provide audit‑ready evidence.

LiveThreat™ Intelligence · 📅 July 02, 2026· 📰 zdnet.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
zdnet.com

ExpressVPN Launches ExpressKeys Upgrade with Secure Sharing, Passkey Support, and Independent Audit

What Happened — ExpressVPN announced a major upgrade to its standalone password manager, ExpressKeys, adding secure credential sharing, native passkey support, and cross‑device sync. The new version also passed an independent security audit confirming its encryption and data‑handling practices.

Why It Matters for Compliance & Audit Readiness

  • The enhancements map directly to SOC 2 CC6.1 (Credential Management) and CC6.2 (Secure Transmission), giving organizations concrete evidence of strong access‑control practices.
  • An independent audit provides verifiable proof that can be attached to your SOC 2 evidence repository, reducing the effort needed during a readiness assessment.
  • Secure sharing and passkey functionality help meet the “least‑privilege” and “secure authentication” principles required by many regulatory frameworks (e.g., GDPR, CCPA).

Who Is Affected – SaaS providers, enterprises, and any organization that relies on password managers for privileged credential storage across the tech, finance, and professional services sectors.

Recommended Actions

  • Map ExpressKeys controls to SOC 2 CC6.1/CC6.2 in your control matrix.
  • Collect the audit report as part of your continuous‑compliance evidence library.
  • Update your credential‑management policy to include passkey usage and secure sharing guidelines.
  • Conduct a brief security‑awareness session on the new sharing workflow.

Source: ZDNet Security

Technical Notes – The upgrade introduces FIDO2‑compatible passkeys, end‑to‑end AES‑256 encryption for vault data, and a zero‑knowledge architecture verified by an external audit. No CVEs or vulnerabilities are disclosed. Source: same as above

📰 Original Source
https://www.zdnet.com/article/expressvpn-password-manager-big-upgrade-secure-sharing-passkey-support-more/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →