Password Manager: Why do I now have to keep entering in my password with each browsing session?

I have used Bitdefender Total Security and Bitdefender Wallet for several years, managing hundreds of passwords across various browsers (e.g., Chrome, Firefox, Edge, etc.). After turning on my computer, I was able to open a browser and log into my Bitdefender Wallet ONCE to allow access to my passwords for each website. I would not have to re-enter my Bitdefender Wallet master password ever again unless I completely shut down my computer and then turned it back on. 

Now, with Bitdefender Password Manager, every time I close my browser it forgets my Password Manager password, and I have to re-enter it again. Every single time. This is extremely frustrating. 

I would like to know if there is a way for Bitdefender Password Manger to “remember” my master password in the same way that Bitdefender Wallet did, so I don’t have to re-enter it every single time I close and reopen my browser. In my case, I would like this to specifically work with Chrome.

Since my single Password Manger password is now so important, I have a long and complex password that I do not wish to type in every single time. Nor do I want to store this password on my computer and have to copy and paste every five minutes. My browser also takes a lot of RAM that takes power away from my other RAM-intensive programs, so keeping it open all the time is not an option.

Appreciate your advice.

Answers

  • Hello,

    If you lock your device without closing your browser, Password Manager doesn’t lock and you can access your data when you return. As a security measure, every time you open the browser you have to sign in with your Bitdefender Central account and then input your Master password.

    • To stop the Central sign-in prompt, go into ⚙︎ Settings and tick “Disable login tab on startup”.
    • To stop the master password prompt for 72 hours, check the “Remember me” box on the Unlock your vault screen.

    Regards

  • Thank you for your response. From your comments, I understand that:

    1. The "sign-in once" feature of the Bitdefender Wallet is now lost forever. 

    2. For the newly paid version of Bitdefender Password Manager, I will have to sign-in every single time I open or close my browser. Which naturally happens dozens of times throughout the workday.

    3. I tried using the "Remember me" box but that is useless if you close your browser.

    4. Keeping my browser open is a security risk – especially if I shut down my computer with my browser still open. It also drains RAM from other professional applications. So this is not an option. 

    5. This new system for Bitdefender Password Manager forces users to have a very simple or easy master password to use for their Bitdefender Password Manager. When in fact, it should be just the opposite. 

    6. Alternatively, we are now forced to repeatedly copy and paste our BD Password Manager master password from Excel, Notepad, etc. every single time we open or close any browser on our device. This is also an unnecessary security risk.

    7. I have been using Bitdefender for almost 10 years. In fact, the only reason I renewed my Bitdefender Total Security subscription for these last few years was because of the Bitdefender Wallet functionality. 

    8. Please pass on to Bitdefender customer service and executive team that if this “sign-in every single time you open or close your browser” situation is not fixed, then they will lose me as a customer.

    9. Well aware that I am only a single individual and will have zero impact on Bitdefender profit. But if anyone else also experiences this and understands the unnecessary burden and security risk now placed on users, they will also “vote with their wallet” and stop using Bitdefender as a service.

    10. Many other password managers are objectively superior to Bitdefender Password Manager and do not require the user to sign-in every single time they open or close their browser. If Bitdefender is now forcing customers to pay for an inferior product it is fighting a losing battle.     

  • Hi.

    I notice the initial reply to your post can within a day - very good. However there is no reply to your second post for a week - very bad.

    I have also been with Bitdefender for many year and there was absolutely nothing wrong with the Wallet. I've been forced to use the trial version of the Password Manager, and I would not recommend it to anyone. Way to frustrating to use.

    I agree with all your points, but for No 9 you can make that a +1.

    I have never really felt the need to scout a round for Password Managers as the Wallet was good enough for me, so I am wondering if you would share which PM you are leaning towards.

    Thanks - John

  • Hi John, thanks for the support and +1. I have not yet made a decision on my next password manager. Will certainly choose one with local control and/or single sign-in functionality. Unfortunate that Bitdefender seems to have no apparent interest in modifying Password Manager to support these industry-standard options.

  • Hello and thank you for sharing your thoughts on this thread.

    I'll share a bit more context on how the 'Remember me' feature actually works:

    • "Remember me" is displayed at the screen asking for the master password.
    • After checking it, the user will not be required to enter the master password, as they will be logged in automatically.
    • Using remember me does not mean that you will never have to use Master Password again. As it is easy to forget the master password, and due to the security concerns in case the device gets lost or stolen, the user will remain logged in 72 hours, after that the master password will be asked for again. However, if the user is using the browser or the application actively every day, the 72 hours window gets refreshed every 24 hours.
    • If the user has inactivity lock with logout option enabled, then it is normal, since you are completely logged out of the account.
    • On mobile devices, the user is still required to enter PIN/biometrics, to ensure the device is in the correct hands. Note: If you have any security concerns about the "Remember me" option, you can use Inactivity lock with PIN unlock. This way you can still use “Remember me”, but the extension will be locked when inactive as an extra layer of security. Now, whenever the "Remember me" feature doesn’t seem to work as expected, there is a checklist to consider:
    1. First, did you check the “Remember me” box when logging in? - We've established this was checked.
    2. Did you log out manually from Password manager? – if yes, that’s normal.
    3. How long ago did you check “Remember” me? – the feature is time limited to 72 hours.
    4. Did you use the “Secure me” feature targeting the device with the issue? – if yes, that’s normal, as you were logged out.
    5. Did you enable Inactivity lock with logout option? - if yes, as mentioned above, that is normal as you were logged out.
    6. On mobile devices, are you asked for the master password, or PIN/biometrics? If PIN/Biometrics, that’s normal, this is asked for to ensure the device is in the correct hands.

    Concerning the Password Manager security and how the product compares with other password managers out there, I believe it goes without saying that Bitdefender has never sacrificed security over easy fixes. We work in an environment where reputation is key to keeping the front door open. As such, we can’t afford to cut corners and sometimes product enhancements may take some time to be developed and tested properly. Without doubt, the Bitdefender Password Manager provides the best password security out there. It’s not just passwords that are being encrypted, but whole data sets, like urls, domain and usernames, credit card data, notes, identities etc. If someone should get ahold of the users’ encrypted data, it would simply be impossible for them to pick just a particular website password to crack, since there is no information about which information this particular data set contains.

    Encryption keys are not generated from the user’s master password, but through derivations of data including a strong random key. Instead of PBKDF2 we use a much more secure hashing function called ARGON2ID.

    Sensitive user data does not leave the device without being encrypted in a secure way. We encrypt and decrypt everything locally, so the cloud service has no way to decrypt the data without the user’s master password and the keys which are generated locally. Password Manager is a considerable improvement when compared to the previous Wallet in many ways and the service received continuous improvements since its launch and these will continue as we gather more feedback from our users.

    @JohnG regarding this: I notice the initial reply to your post can within a day - very good. However there is no reply to your second post for a week - very bad. - I was out of office for a week with limited internet access and I could not reply here in good time.

    @BD Customer 2384239X I will make sure your feedback reaches the product developers and I thank you once again for sharing your findings and valuable feedback with the community.

    Regards,

    Alex

  • Hello Alex - thank you for your response. To answer your questions from your previous post:

    Q1. First, did you check the “Remember me” box when logging in? - We've established this was checked.

    A1: Yes. In fact, it is the very first thing I did. But – as I mentioned in my last two posts – it is useless if you close your browser at any time. The "workaround" of keeping my browser indefinitely open is not an option. Keeping my browser open throughout the day (or for days) is an even greater security risk and also takes up valuable RAM that should otherwise be allocated to my professional applications.

    Q2. Did you log out manually from Password manager? – if yes, that’s normal.

    A2: Normally no. I simply closed my browser. But even logging out causes same problems.

    Q3. How long ago did you check “Remember” me? – the feature is time limited to 72 hours.

    A3: I can check “Remember me” and then close my browser seconds, minutes, or hours later and it does not “remember me” when I reopen my browser.

    Q4. Did you use the “Secure me” feature targeting the device with the issue? – if yes, that’s normal, as you were logged out.

    A4: No.

    Q5. Did you enable Inactivity lock with logout option? - if yes, as mentioned above, that is normal as you were logged out.

    A5: Yes and no. It made no difference.

    Q6.  On mobile devices, are you asked for the master password, or PIN/biometrics? If PIN/Biometrics, that’s normal, this is asked for to ensure the device is in the correct hands.

    A6: I do not use this application on my mobile devices.

    I have tried several variations of checking and unchecking various options with Bitdefender Password Manager. The consistent result is that the browser will "forget" your BD Password Manager master password each and every time you close your browser. For me, that means the "Remember me" functionality is useless. That also means for me that Bitdefender Password Manager is no longer a viable option moving forward.

    I am using Bitdefender Total Security and Bitdefender Password Manager with Chrome browser on Windows on a PC. A standard configuration which has over 60% and 70% global market share, respectively.

    I have also researched if selecting the "delete all cookies and passwords, etc." functionality of Chrome is somehow also deleting the Bitdefender Password Manager master password each time I close my browser. But that does not seem to be the case. Moreover, as a best-practice security precaution, I normally and routinely have Chrome automatically delete my cookies and dynamic/temporary password data.

    If this is somehow also deleting my BD Password Manager master password every time I close my browser, then please advise me on how to ensure that ONLY the BD Password Manager master password is NOT deleted every time I close my Chrome browser. Which again, is something that I - and most - users do dozens of times throughout the workday.

    Appreciate your insight and response.   

  • Hello,

    Normally, you should stay logged in for 72 hours if you checked the "Remember me" box, but you'll have to wait at least 7-8 seconds after unlocking the Password Manager before closing the browser. The login process takes a few seconds to complete, so if you close the browser after this period you shouldn't have to re-enter the master password every single time you close and reopen the browser. However, if this doesn't work as designed, there is a chance of an actual issue and this should be furher investigated by the Support engineers.

  • Hi Alex, thank you for your response. Unfortunately, waiting for at least 7-8 seconds after unlocking Password Manager before closing my browser makes no difference.

    As I mentioned in my previous posts, even if I wait several minutes - or hours - after selecting "Remember me" and unlocking my Password Manager, I still have to enter my Password Manager master password each and every time I close and then reopen my browser.

    So, for me, the "Remember me" functionality is not working as you describe it should work in your previous post. In fact, I have never seen it work in any configuration or variation of time since I started using Bitdefender Password Manager.

    I am using the latest versions of Bitdefender Password Manager and Bitdefender Total Security with latest version of Chrome browser on a very popular (and common) computer running up-to-date Windows 10 Pro 64-bit. Please pass this information on your support engineers.

    As you know, long-time Bitdefender Wallet users (myself included) were forced to move to Bitdefender Password Manager earlier this month. If they are experiencing these same challenges, they are also likely to not have a good first impression of Password Manager and be in the process of looking for another product solution.

    Appreciate your response and insight.

  • Hello,

    Considering this, may I kindly ask you to open a ticket for the Support teams using the link below and provide me with the reference number, so I can ask my colleagues to assist as soon as possible?

    https://www.bitdefender.com/consumer/support/help/

    If the 'Remember me' feature is not working as expected, the engineers will have to take a closer look and advise further. I've seen a few isolated cases where 'Remember me' was ticked, but when reopening the browser the master password was asked for again, and this behavior was sometimes noticed on both Chrome and Firefox.

    So, the developers will have to investigate further and the Support teams can update you on their progress as soon as the ticket is raised.

    Thank you