Like other password managers, Bitdefender Password Manager can create and store credentials on your mobile devices and browsers. It offers a helpful remote lockdown feature in SecureMe, and getting started with the app was easy in testing. Drawbacks include a lack of credential sharing, emergency access, and account-level multi-factor authentication options, which are all features we’ve come to expect from modern password managers. Check out Editor’s Choice winner Bitwarden for feature-rich yet inexpensive password management.How Much Does Bitdefender Password Manager Cost?An Individual Bitdefender Password Manager subscription costs $29.99 annually. You can add support for up to four accounts with a Shared plan, which is $59.99 annually, before any promotional discounts. The service offers a 30-day free trial.Bitdefender’s subscription prices for the password manager are on par with much of the competition. LogMeOnce is $30 annually, while 1Password’s Premium tier is $35.88, and Keeper is $34.99. That said, there are free password managers out there, and some password managers offer very low-price subscriptions. For example, Bitwarden’s premium plan is $10 per year, Zoho Vault is $12 annually, and Proton Pass costs $21.88 per year.
Getting Started With Bitdefender Password ManagerBitdefender offers password manager browser extensions for Chrome, Edge, Firefox, and Safari. There are also apps for Android and iOS. We tested Bitdefender’s password manager using a Samsung A71 5G and a desktop running a Chrome browser.
(Credit: Bitdefender/PCMag)
After signing up for an account and creating a strong and unique master password, Bitdefender prompts you to save a recovery key as a PDF on your device. You can also copy the code and store it someplace offline. This is the emergency access key for your account in the event of your demise or if you forget your master password.
(Credit: Bitdefender/PCMag)
You can then install the browser extension by following the provided instructions and importing the credentials stored in your browser or on your device. It would have been nice to see a video tutorial or step-by-step module for new password manager users like those we’ve enjoyed from 1Password or Keeper.Bitdefender’s password manager can import data from 1Password, Bitwarden, Bitdefender Wallet, ByePass, Chrome browser, Claro, Dashlane, Edge browser, ESET Password Manager, F-Secure, Firefox browser, KeePass, LastPass, Panda Dome Passwords, PassWatch, Roboform, Saferpass, SFR Cybersécurité, SIT, Sticky Password, Telnor, and Watchguard. To compare, Bitwarden can import data from more than 50 other competitors. If you’re switching to a new password manager and your old app isn’t on the import list, Bitdefender allows you to upload data from your old password manager using preformatted CSV files.What Are Bitdefender Password Manager’s Authentication Options?We believe all password management apps should include support for multi-factor authentication (MFA). Without MFA, anybody who guesses, steals, or hacks your master password can access your vault. We did not see any MFA options for securing your password vault with Bitdefender while testing the product. On mobile, Bitdefender’s security report settings alert users that do not designate an additional form of authentication at the device level (PIN, password, or biometrics), but authentication is not required for using the app. Bitdefender Password Manager doesn’t allow options like authenticator apps, hardware security keys, or a form of passwordless authentication like a passkey for authenticating online accounts. We prefer password management services that allow you to protect your accounts using diverse authentication methods, so Bitdefender’s lack of MFA options affects its review score.Data Privacy With Bitdefender Password ManagerBefore we review and test a password manager, we send a list of questions to the password management company inquiring about its privacy and security practices. We want you to have plenty of information about the companies handling your data. We’ve included Bitdefender’s responses to our questions below.Has your company ever had a security breach?No. You might have read that in August of 2015, Bitdefender suffered a data breach. This is an inaccurate description as the news is based on the fact that a single application exposed a very limited number of customer login credentials through public cloud services and our investigation did not reveal a data breach.What unencrypted information does the password manager store in user vaults?None. All passwords are encrypted with a key that only the user of the service has knowledge about, in one single place (Password Manager), with complex master password requirements. User vaults are not accessible to anyone, except the user.What is the company’s policy regarding master passwords?Bitdefender does not have access or control of the user’s master password.What is the company’s policy regarding user data collection and data sales?The company`s policy regarding the user data collection is described in Bitdefender’s Privacy Policy for home users. Bitdefender does not sell any user data.How does your company protect user data?Bitdefender applies best practices with regards to security of user data, as such it has obtained the following certifications: ISO 9001, ISO 27001, ISO 27017, SOC2 Type II, HIPAA.How does your company respond to requests for user information from governments and law enforcement?Bitdefender will not reveal any personal data about its users to third parties without the exceptions mentioned in Privacy Policy for home user. Bitdefender may reveal personal data to competent authorities, upon their legal request according to the applicable laws or when this is necessary to protect the rights and interests of our clients and Bitdefender.Bitdefender’s answers to our questions align with the company’s privacy policy, though we disagree about what constitutes a data breach.PCMag looked into the incident described above, and in 2015, a representative from Bitdefender confirmed to enterprise security publication CSO that the incident did, in fact, occur. The hacker reportedly released login credentials for two Bitdefender employees and one customer, proving that Bitdefender’s data was breached. That said, the representative noted that the incident was a result of human error, not a zero-day exploit. Apparently, a single server was deployed with software containing a known flaw, which was exploited to extract the information above. Bitdefender addressed and resolved the incident promptly in 2015, which are actions that should be commended, not penalized. The 2015 data breach does not affect the product’s score.We encourage anyone looking for a new password manager to browse privacy policies and terms of service agreements to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and act accordingly.SecureMe
(Credit: Bitdefender/PCMag)
Bitdefender offers a feature called SecureMe, which allows you to remotely log out of all of your open browser sessions and delete the bookmarks, browsing, and download histories. It’s a good option for people who use shared computers and devices. We tried using SecureMe, and it successfully logged us out of both the browser extension and the mobile app with just one click. We also like that you can see on a map where you are logged into the password manager.It’s worth noting that this unusual feature appears in exactly the same form in the SaferPass password manager. A Bitdefender representative confirmed that the company is licensing the SecureMe technology from SaferPass.Breach and Password Hygiene MonitoringBitdefender Password Manager’s security reports aren’t as detailed or comprehensive as the credential auditing tools found in Dashlane or NordPass. Bitdefender’s Security report only identifies duplicate, leaked, weak, or old passwords, but doesn’t specify the rules for these designations. For testing purposes, we always retain a few “weak” credentials in the test vault that are under a certain character limit or contain limited character types. Bitdefender Password Manager did not flag these credentials as weak. Clicking the Leaked Passwords button is supposed to compare your passwords to passwords that have appeared in data breaches posted on haveibeenpwned.com, but the security check did not turn up hits on a password that has appeared in multiple breaches.Hands On With Bitdefender Password ManagerWe tested Bitdefender Password Manager’s functionality using the browser extension for Google Chrome and the Android app.Chrome Browser Extension
(Credit: Bitdefender/PCMag)
The Bitdefender Password Manager browser extension for Chrome features a navy blue, white, and lighter blue color scheme. The default view of your password vault shows a web address for each entry and the username associated with it. In some cases, the website icon appeared next to the entry, but most entries, even those from well-known websites like walmart.com, showed blank icon images in the vault window. Clicking on a vault entry opens the editing screen for the entry instead of taking you straight to the website to log in, which is not ideal. To get to your target website from the browser extension, click on the three dots next to the entry and choose “Go to website.” We much prefer a sleek and easy-to-use browser extension like the one from Keeper, which allows you to click or tap a vault entry and go directly to the website to log in. The Chrome browser extension can also double as a 2FA authenticator and saves the 2FA secret keys in the vault. We did not test this feature.
(Credit: Bitdefender/PCMag)
The Chrome browser extension’s Settings menu offers you a lot of options related to the extension’s display and credential-filling behavior. We suggest checking off “Disable automatic filling of accounts” since that’s an action hackers could exploit. We also recommend choosing the option to make Bitdefender your default password manager. Initially, Google Chrome tried to use its own password manager to save my credentials while I tested the browser extension, creating dueling password manager notifications on my screen. It’s an issue with Chrome and password managers that we’d read about on forums but hadn’t encountered in testing until now.
How to Use a Password Manager
Bitdefender handles the Google problem reasonably well. After checking off the settings menu option, Chrome prompted us to give Bitdefender further access to our browsing data. Once that was complete, we didn’t have trouble capturing or replaying existing and new credentials. Whenever Bitdefender Password Manager encountered an unfamiliar login form, it showed an alert urging the you to save your login credentials in the vault, or allowing you to turn off Bitdefender Password Manager temporarily, or disable the app for that website.Back in the Settings menu, you can also designate a lockout time period for your Bitdefender Password Manager vault. You can choose never to lock your vault or lock it after incremental periods of one minute and one day. The other two points of interest in the Settings menu are the “blocked” and “unique” website management tools. The “Manage blocked websites” button keeps the password manager from offering to store or generate credentials for designated websites. This is handy if you don’t want to store the credentials for your work email account or other sensitive accounts that you don’t control in your personal vault. We tested this by adding pcmag.com to the list and attempting to store a new username and password for the website. Bitdefender did not allow it. The “Manage unique websites” button allows you to store multiple accounts with the same username for a website.Password Generator
(Credit: Bitdefender/PCMag)
Bitdefender’s password generator creates a new password any time you create a new record. If you’re logging in with an existing password and you want to keep it, you can overwrite the generated one and store your old one in the vault. You can create passwords as short as 4 characters and as long as 32 characters using all character types (letters, numbers, and symbols). By default, Bitdefender Password Manager creates 16-character passwords. PCMag encourages everyone to create passwords that are at least 20 characters long with varied characters.Storage and Form Filling
(Credit: Bitdefender/PCMag)
Bitdefender has a well-organized Identities system that allows you to fill in data on web forms. It’s something 1Password and RoboForm do particularly well, too. We didn’t have any trouble creating multiple identity profiles within the password manager vault, and in testing, Bitdefender filled in all of the information in online forms as expected. Something we really appreciate is the Identities selection drop-down that appeared when filling out forms online. It eliminates confusion when you have multiple addresses or phone numbers to choose from.You can also store text notes and credit card information in the vault. You can’t store files in the vault. Like Keeper, Bitdefender Password Manager keeps every version of every credential entry. You can scroll through all the passwords you’ve ever saved for a given website and even restore an old version. Sharing and Emergency AccessSecure credential sharing is not an option with Bitdefender Password Manager, which is surprising, given that it’s something most other password managers with paid subscription tiers provide. In a similar vein, emergency access to your password vault is not so easy with Bitdefender. In the event of death or incapacitation, you may want to allow someone you trust to log in to your accounts using your credentials. Keeper, Bitwarden, Dashlane, and many other password managers include a system to give a friend or relative emergency read-only access to your accounts. With Bitdefender, emergency access to your account is limited to you giving your account recovery key to someone you trust, which is not ideal.Bitdefender Password Manager on Mobile
(Credit: Bitdefender/PCMag)
We tested Bitdefender Password Manager’s app for Android, which worked using the Chrome browser app on our device. The app looks identical to the desktop Chrome browser extension. You can change auto-fill and auto-capture capabilities in the Device Settings menu. There, you’ll find the option to change your PIN or enable vault unlocks using biometrics. We like that on the Android version of the app, in-app screenshots are disabled by default. iOS devices are too locked down to give you that kind of control. Verdict: Is Bitdefender Password Manager Right for You?We like SecureMe, Bitdefender Password Manager’s emergency account logout tool. We also appreciate that Bitdefender can store your credentials across your devices and allows you to create multiple form-filling identities. That said, its relatively low annual retail price doesn’t balance out the lack of MFA options, disjointed vault organization, and absent emergency access features. Bitwarden remains our Editors’ Choice award winner for password managers thanks to its low price and multitude of features.
Bitdefender Password Manager
Cons
Lacks multi-factor authentication options
Clunky vault organization
No secure credential sharing or emergency access options
The Bottom Line
Bitdefender Password Manager can capture and replay credentials with ease, but it doesn’t include important features like multi-factor authentication, password sharing, or emergency access.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.