diff --git a/ansible_mitogen/loaders.py b/ansible_mitogen/loaders.py
index 24f3d2a1..1f4d8fc6 100644
--- a/ansible_mitogen/loaders.py
+++ b/ansible_mitogen/loaders.py
@@ -39,6 +39,7 @@ import ansible_mitogen.utils
 
 __all__ = [
     'action_loader',
+    'become_loader',
     'connection_loader',
     'module_loader',
     'module_utils_loader',
@@ -90,6 +91,7 @@ assert_supported_release()
 
 
 from ansible.plugins.loader import action_loader
+from ansible.plugins.loader import become_loader
 from ansible.plugins.loader import connection_loader
 from ansible.plugins.loader import module_loader
 from ansible.plugins.loader import module_utils_loader
diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
index b488b851..cc4e4a79 100644
--- a/ansible_mitogen/transport_config.py
+++ b/ansible_mitogen/transport_config.py
@@ -79,6 +79,7 @@ try:
 except ImportError:
     from ansible.vars.unsafe_proxy import AnsibleUnsafeText
 
+import ansible_mitogen.loaders
 import mitogen.core
 
 
@@ -435,7 +436,10 @@ class PlayContextSpec(Spec):
         return self._play_context.become_user
 
     def become_pass(self):
-        return optional_secret(self._play_context.become_pass)
+        become_method = self.become_method()
+        become_plugin = ansible_mitogen.loaders.become_loader.get(become_method)
+        become_pass = become_plugin.get_option('become_pass', hostvars=self._task_vars)
+        return optional_secret(become_pass)
 
     def password(self):
         return optional_secret(self._play_context.password)
@@ -652,8 +656,8 @@ class MitogenViaSpec(Spec):
 
     def become_pass(self):
         return optional_secret(
-            self._host_vars.get('ansible_become_password') or
-            self._host_vars.get('ansible_become_pass')
+            self._host_vars.get('ansible_become_pass') or
+            self._host_vars.get('ansible_become_password')
         )
 
     def password(self):
diff --git a/tests/ansible/hosts/transport_config.hosts b/tests/ansible/hosts/transport_config.hosts
index 05e0d4f1..dc21c332 100644
--- a/tests/ansible/hosts/transport_config.hosts
+++ b/tests/ansible/hosts/transport_config.hosts
@@ -47,7 +47,7 @@ tc-become-user-set ansible_become_user=ansi-become-user
 tc-become-pass-unset
 tc-become-pass-password ansible_become_password=apassword
 tc-become-pass-pass ansible_become_pass=apass
-tc-become-pass-both ansible_become_password=a.b.c ansible_become_pass=c.b.a
+tc-become-pass-both ansible_become_pass=bpass ansible_become_password=bpassword
 
 # port()
 tc-port-unset
diff --git a/tests/ansible/integration/transport_config/become_pass.yml b/tests/ansible/integration/transport_config/become_pass.yml
index 5cbbdf19..317e0522 100644
--- a/tests/ansible/integration/transport_config/become_pass.yml
+++ b/tests/ansible/integration/transport_config/become_pass.yml
@@ -119,9 +119,6 @@
       fail_msg: out={{out}}
 
 
-
-# ansible_become_pass & ansible_become_password set, password used to take precedence
-# but it's possible since https://github.com/ansible/ansible/pull/69629/files#r428376864, now it doesn't
 - hosts: tc-become-pass-both
   become: true
   tasks:
@@ -132,7 +129,9 @@
       - out.result|length == 2
       - out.result[0].method == "ssh"
       - out.result[1].method == "sudo"
-      - out.result[1].kwargs.password == "c.b.a"
+      # Ansible >= 2.10 builtin become plugins (e.g. sudo, su) give priority
+      # to ansible_become_pass over ansible_become_password.
+      - out.result[1].kwargs.password == "bpass"
       fail_msg: out={{out}}
 
 
@@ -147,6 +146,6 @@
       - out.result|length == 3
       - out.result[0].method == "ssh"
       - out.result[1].method == "sudo"
-      - out.result[1].kwargs.password == "a.b.c"
+      - out.result[1].kwargs.password == "bpass"
       - out.result[2].method == "ssh"
       fail_msg: out={{out}}