Last updated:

Use ExpressVPN on your devices.
Need a VPN or DNS for your device?
Get ExpressVPN Now
Use ExpressVPN on your devices.
One ExpressVPN account. All devices.
Get Apps for Free

Password Health is a feature in ExpressVPN Keys designed to help improve your overall account security. It offers an assessment of your password security through a security score, as well as tips and guidance on how to improve it, protecting you against password hacks.

The user interface of Password Health.

Your security score is calculated based on the strength of your passwords, whether you use the same password more than once, and whether the website URLs you stored are secure. Your score will improve as you resolve these issues.

Your logins and passwords are assessed locally on your device—they never leave your device. Learn more about the privacy of Password Health.

To access Password Health, add at least one login, then tap on the number icon at the top-right of the Keys screen.

How to improve your security score?

Learn more about the security issues that can be affecting your security score and ways to improve it below.

Weak passwords

Weak passwords can be easy to guess or crack easily by both humans and computers, making them vulnerable to password theft or compromise. They include common dictionary words, such as “apple” or “boy” or words that are easy to guess, such as place names or the names of your partner.

To keep all your accounts safe, generate strong and unique passwords in ExpressVPN Keys.

Reused passwords

A reused password is a password you use across multiple services or accounts. If your password is compromised, attackers may gain unauthorized access to all these accounts with the compromised password. The more accounts you have using the same password, the higher the risks involved.

To keep all your accounts secure, use strong and unique passwords for all your accounts.

Logins using an unsecure URL

Unsecure URLs start with http:// instead of https://. Any data passing between you and the website is not encrypted and can be read by third parties, including your passwords, usernames, email address, and credit card numbers.

To keep all your accounts safe, use only https:// in your URLs:

  1. On the Keys login information screen, tap Help Me Fix at the top.
  2. Tap Use HTTPS.

Exposed passwords

A password is exposed if it has been found in a list of passwords online, often as part of data breaches. Attackers often attempt to sign in to services by trying all known exposed passwords available on the dark web. The more accounts you have using the same exposed password, the more vulnerable you are to being hacked.

Data breaches potentially put your passwords at risk and are being reported at an accelerated rate, sometimes multiple times a week. To minimize the risk of exposed passwords, use strong and unique passwords for all your accounts and update any exposed password as soon as ExpressVPN Keys alerts you to do so.

Two-factor authentication not enabled

Two-factor authentication (2FA) adds an extra layer of protection to your online accounts, preventing unauthorized access even if your passwords are compromised.

To keep your accounts safe, you should enable 2FA where possible. ExpressVPN Keys lets you add 2FA codes to compatible accounts on the ExpressVPN app for Android and iOS. Once set up, Keys can easily generate 2FA codes—also known as time-based one-time passwords (TOTPs)—for websites or apps with 2FA enabled.

Important: You can only view and copy 2FA codes on the ExpressVPN Keys browser extension. You will be able to add 2FA codes on the browser extension at a later date.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top

Was this article helpful?

We're sorry to hear that. Let us know how we can improve.

A member of our Support Team will follow up on your issue.