Bitdefender's password manager, SecurePass, includes helpful password sharing options and a remote lockdown feature. However, it lacks proper emergency access tools and account-level multi-factor authentication options. The app is less expensive than many password managers we recommend, but its performance was inconsistent during testing, and it lacks the premium tools we expect from a paid password manager. If you need a full-featured, free or paid password manager, we recommend NordPass and Proton Pass, both of which are Editors' Choice winners. NordPass offers email data breach scanning, while the free version of Proton Pass supports email masking.

How Much Does Bitdefender SecurePass Cost?

You can try Bitdefender SecurePass for free for 30 days. After that, the price is $2.99 per month, or you can opt for a discounted annual plan at $29.99 per year.

A subscription includes access to the password generator, auto-filling, secure sharing, and password hygiene tools. This is a sparse feature list for a premium-only password management app, which is surprising because other password managers charge less or the same amount for higher-value premium features.

Let's break this down: If you don't opt for the annual plan and instead pay $2.99 per month for a year, you'll spend $35.88. Even with the annual discount, that's significantly more than Bitwarden, which costs $10 per year. Bitwarden's paid plan includes data breach scanning, emergency access, and support for file attachments. Even the free version of Editors' Choice Proton Pass includes helpful features like email masking and password sharing.

Getting Started

(Credit: Bitdefender/PCMag)

SecurePass is available on Android, iOS, macOS, and Windows and supports Chrome, Edge, and Firefox browsers.

After creating your account, you're prompted to download a browser extension or download the app on your computer or mobile device. I tried out the Chrome browser extension first. A notable highlight: After signing up for an account, SecurePass sends you a straightforward guide for using the password manager via email.

Master Password

(Credit: Bitdefender/PCMag)

After opening the extension, I had to create a master password. Other password managers, such as LastPass, allow you to log in to your vault without needing a password.

A master password locks your vault and is only known by you, so not even Bitdefender can retrieve it if you lose or forget it. Ensure it's long, strong, and distinctive. Unfortunately, Bitdefender didn't identify my short, common password as weak during setup. The credential I created was also the same as my test account password, which is a big no-no. Most other password managers I've tested insist upon complex master passwords.

Once you enter your vault, save your Recovery Key. If you lose your master password, you lose access to your account. A Recovery Key is the only way to unlock it again. I recommend downloading the PDF and storing it in a safe location, such as an external hard drive.

Importing Credentials

SecurePass imports from several competing password management apps, including Bitwarden, Dashlane, LastPass, and RoboForm. If your old password manager is missing from the list, don't worry. I successfully uploaded my saved Avira Password Manager CSV using the Chrome option. Overall, I had no trouble uploading and accessing my old credentials.

(Credit: Bitdefender/PCMag)

The web vault's interface is pretty easy to navigate, though the app organizes each batch of imported credentials into separate folders. You can create as many folders as you want, which is great.

Previously, moving credentials between folders required editing each entry separately. Now, you can simply click the Select button and choose where you want to store your credentials. In a future update, it would be beneficial to have an option in the Settings menu for designating a default folder where all imported logins are stored.

(Credit: Bitdefender/PCMag)

Data Privacy With Bitdefender SecurePass

Before reviewing and testing a password manager, I send a list of questions to the company about its privacy and security practices. This is an effort to introduce you to the company you may be entrusting with your private information. Below are my questions, followed by responses from a Bitdefender spokesperson:

Has your company ever had a security breach?

No. You might have read that in August 2015 Bitdefender suffered a data breach. This is an inaccurate description as the news is based on the fact that a single application exposed a very limited number of customer login credentials through public cloud services and our investigation did not reveal a data breach.

What unencrypted information does the password manager store in user vaults?

None. All passwords are encrypted with a key known only to the user. This key is used exclusively within the password manager, which enforces strong master password requirements. User vaults are accessible only to the user — no one else, including Bitdefender, can access them.

What is the company’s policy regarding selling or sharing customer data with third parties?

Bitdefender does not sell user data. The company will not disclose personal data to third parties except as explicitly stated in the Privacy Policy.

How does your company respond to requests for user information from governments and law enforcement?

Bitdefender may disclose personal data to competent authorities upon legal request, in accordance with applicable laws, or when necessary to protect the rights and interests of customers or Bitdefender itself.

Although we disagree about what constitutes a data breach, Bitdefender's answers to our questions align with the company's privacy policy. Regarding the incident from 2015, at the time, a representative from Bitdefender confirmed to enterprise security publication CSO that an incident occurred. A hacker reportedly released login credentials for two Bitdefender employees and one customer, proving that Bitdefender's data had been breached. At the time of the incident, the Bitdefender representative stated that the incident was caused by human error, rather than a zero-day exploit. A single server with software containing a known flaw was deployed, which was exploited to extract the information above.

By all accounts, Bitdefender addressed and resolved the incident quickly, which is excellent. Censoring or penalizing companies that are forthright about security incidents that could affect customers is unhelpful at best and dangerous at worst. With that in mind, the 2015 data breach does not affect the product's score.

Notable Security Features

(Credit: Bitdefender/PCMag)

It's a good idea to enable multi-factor authentication (MFA) options for your password manager account. That way, even if someone steals or guesses your master password, they're unlikely to be able to access your vault. To set up authentication, log in to Bitdefender.com using your SecurePass account credentials. Click on your name in the top right corner, then choose Bitdefender Account > Password and Security > 2-Factor Authentication. You can authenticate your identity using either an authenticator app or via email. SecurePass doesn't allow MFA using hardware security keys, and it doesn't support passkey creation or storage.

On mobile, Bitdefender's security report settings alert users who do not designate an additional form of authentication at the device level (PIN, password, or biometrics), but authentication is not required for using the app.

SecureMe

SecureMe is basically a panic button that logs you out of all of your SecureMe instances on every platform immediately. I tried it using my Android device, and it worked as advertised. SecureMe is helpful if you suspect that one of your devices has been compromised. This feature is available on the mobile and web apps.

Security Report

The security features for SecurePass aren't as detailed or comprehensive as those found in credential auditing tools like Dashlane or NordPass. The security scanning feature can identify breached, duplicate, outdated, and weak passwords, although Bitdefender did not specify the specific rules for these designations.

For testing purposes, I always retain a few "weak" credentials in the test vault that are limited by a certain character count or restricted to specific character types. SecurePass correctly flagged the weak credentials. After logging in and out, the security report also alerted me to a breached password in the test list, which is a good thing.

When you edit a credential in SecurePass, you may notice a box that asks you to scan your password to check if it's in a breach report. Other password managers, such as Dashlane, request your consent to verify your password against a third-party database. Bitdefender does not request consent.

I suspected Bitdefender was using its own data for these scans, which was seemingly confirmed by this statement in a FAQ about the Digital Identity Protection products: "To find stolen data, we scan the dark corners of the web using various methods. Once the data is found, we use a proprietary system for identity resolution to discover the identity of the breached individual so we can alert the person about the breach, even if the breach itself includes little or outdated information."

Hands On With Bitdefender SecurePass

I tested SecurePass's functionality using the browser extension for Google Chrome and the Android app.

Credential Capture and Replay

(Credit: Bitdefender/PCMag)

The new Bitdefender browser extension is easy to use. Clicking on My Vault displays all your credentials, while Generate shows the password generator. When you click the Security tab, you're whisked off to the web vault to visit the Security Report section again.

I had no trouble creating new credentials using SecurePass. Each time I created a new login, Bitdefender offered to save it in my vault. Auto-filling my old credentials worked as expected. You can also add a multi-factor authentication token to each credential entry.

Password Generator

(Credit: Bitdefender/PCMag)

Bitdefender's password generator creates a new password whenever you create a new record. If you're logging in with an existing password and you want to keep it, you can overwrite the generated one and store your old one in the vault. You can create passwords ranging from 8 to 32 characters in length, using all character types (letters, numbers, and symbols). By default, Bitdefender SecurePass creates 20-character passwords, which is ideal.

Password Sharing

(Credit: Bitdefender/PCMag)

Bitdefender's password manager includes sharing options. Here's how to use them: First, open the Edit tab for the credential you want to share. Click the three dots next to Edit on the entry screen. Click Share Link to create a link with an expiration date. You can also protect the link with a password and set it to expire after a specified number of clicks, up to seven.

I like the link-sharing method because it makes it easy to send credentials to people who don't all use the same password management app. The link share functioned well in testing, although the shared link did not appear in the Shared Items list within the web vault.

Another way to share is to give another Bitdefender SecurePass customer access to the credential. To do this, click Share, enter the email address associated with their SecurePass account, and select whether that person can View, Write, or have Admin rights when accessing the credential.

Form Filling and Storage Options

(Credit:Bitdefender/PCMag)

A previous app version had no trouble filling in personal data on web forms. The newest version failed to prompt me to auto-fill data, such as my address, name, or phone number, on the test websites. The current Identities system allows you to create as many identities as you want, but you can't fill in many data types. There isn't even a form for you to enter your zip code.

The Bitdefender SecurePass web dashboard features a separate section for storing credit card information and text notes, but it does not allow you to store files in your vault.

Emergency Access

In the event of your death or incapacitation, you may want to allow someone you trust to log in to your accounts using your credentials. Keeper, Bitwarden, Dashlane, and many other password managers offer a system that allows you to grant a friend or relative emergency read-only access to your accounts. With Bitdefender, emergency access to your account is limited to giving your account recovery key to someone you trust, which is not ideal.

Mobile Apps

I tested Bitdefender SecurePass on an Android device and an iPhone. The app's interface is similar to that of the web app and browser extensions, but it adds an extra security feature called SecureMe, which, as we mentioned above, logs you out of all SecurePass sessions on all of your devices.

Bitdefender SecurePass disables screenshots by default on Android. This is a good security policy, but most other password managers allow you to turn on screenshots in the Settings menu on mobile devices. There are scenarios where screenshots are necessary, such as when troubleshooting a problem with the support team.

I found that the Android app tends to open slowly when using Microsoft Edge, but faster when using Chrome. Password filling is clunky, too. For example, when I encountered a multi-step login form, I had to unlock the app by entering my master password before entering my username, and then again before entering my password. Most other password managers can fill both fields with just a tap.

If you set a PIN in the Settings menu, you won't need to enter your master password. Instead, you'll need to enter a PIN each time. Though I can change my PIN code, I couldn't find a way to remove the PIN from the app or set a lockout duration within the mobile apps, which is unusual. For example, 1Password and other password managers allow you to choose how long the app remains open and unlocked on your device.

From a security standpoint, it makes sense to auto-lock the app by default; however, this policy affects the app's usability. If people must manually enter their master password or PIN every time they want to fill in a password, they may stop using the password manager altogether. Providing customers with more security options may help curb the urge to quit.

Customer Support Options

(Credit: Bitdefender/PCMag)

As expected from a major cybersecurity company, Bitdefender offers extensive and responsive customer support options. If you need troubleshooting assistance, check out the product help page. If you need one-on-one assistance, reach out to Bitdefender via a chat window on the support site, email, or phone call.

To find the list of Bitdefender support desk phone numbers, navigate to the support page, choose "I don't know" as your final support option, and click the phone icon. We appreciate that Bitdefender offers customers three options for getting help.

Is It Easy to Delete Your Bitdefender SecurePass Account?

Bitdefender makes it easy to delete SecurePass. On mobile, visit the Settings Menu and tap the Delete my account button. For other platforms, visit your account page on the web, click the Data and Privacy tab, and then click the button to delete your account.

(Credit: Bitdefender/PCMag)