ExpressVPN on Monday launched a “full-featured password manager” that’s integrated into its mobile app and available to users at no extra cost.
The password manager, called ExpressVPN Keys, has a password health checker and can be unlocked with biometrics. It can also autofill logins and store unlimited credentials, credit/debit cards, and notes.
ExpressVPN said Keys has been in beta testing since last year and has been audited by cybersecurity firm Cure53.
“With the introduction of ExpressVPN Keys, we want to help more of our users take their first steps into password best practice, making it simple and easy for people to manage their passwords with a brand they trust,” Samuel Bultez, the head of product for ExpressVPN, said in a blog post.
Keys is now available on the ExpressVPN app for iOS and Android. Desktop users can download the ExpressVPN Keys browser extension for Chromium-based browsers. ExpressVPN said users can still access Keys even when their VPN subscription expires.
‘Full-Featured Password Manager’
Keys has all the features you’d find on some of the best password managers available today, but it also has some unique features like biometric unlock, which allows users to access the password manager using a fingerprint or face ID.
Keys uses zero-knowledge encryption to keep users’ passwords private and inaccessible to anyone — not even ExpressVPN can view them, the company explained.
“Zero-knowledge encryption allows you to store items in Keys in a way that only you—the person with the secret primary password—can access. When you store items in your vault, your primary password and any other plaintext information never leaves your device. Therefore, ExpressVPN Keys and its servers have no way of accessing this information in plaintext,” an extensive technical paper on Keys said.
“Even if a sophisticated attacker were to somehow get access to our systems, all information is encrypted—no plaintext information corresponding to your vault is ever stored in the ExpressVPN Keys database,” it added.
Keys’ password health check feature helps users identify and replace weak or reused passwords. It also monitors the web for leaked passwords and has a built-in authenticator that provides an extra layer of security for services that support two-factor authentication (2FA), eliminating the need for a separate 2FA app.
‘Protection in a Single App and Subscription’
ExpressVPN said it chose to integrate Keys into its existing VPN app to provide a seamless experience. It “expands ExpressVPN’s position as an all-in-one privacy and security suite of tools, all via a single app and subscription.”
While some users welcome the “all-in-one” approach, some are skeptical. One Reddit user voiced concern about entrusting a single app with sensitive details, such as passwords and sensitive internet traffic. “Ah yes, let me entrust all my most private information to a VPN service I use for privacy reasons. Why are VPNs creating password managers?” they commented.
For more news, follow us on X (Twitter), Threads, and Mastodon!
