RememBear Overview
Although it is a brand new service that has only just come out of beta, RememBear is already available for Mac, Windows, iOS, and Android. In addition, is has already released integrated extensions for Chrome, Firefox, and Safari (though, admittedly, Opera and Edge are not currently represented).
RememBear claims to protect passwords in a completely secure and private manner. And the service has already been thoroughly audited by a third-party security firm (Cure53) - to ensure that the end-to-end encryption is properly implemented.
If you are still using the same password for multiple accounts, a password manager like RememBear is probably a good option because it will allow you to set strong unique passwords for all your accounts - without you having to remember them all.
Pricing
The good news is that - like the majority of its competitors - RememberBear is available for free on a single-use basis. The free plan can be used by one subscriber on one device - and allows that user to save and recall an unlimited number of passwords. However, free users do not get to back up their passwords to the cloud. Instead, their passwords are encrypted and stored locally - meaning that if they lose their device, or if it breaks or corrupts, they will potentially lose all their passwords. In addition to the lack of backups, free RememBear users may not sync their passwords across devices.
The good news, however, is that all users get 30-days of premium for free when they first sign up, which means that you can get a sense of the full version without having to pay. Since free users of RememBear are limited to a single device, it's worth remembering that passwords synced to a secondary device will cease to work once the 30-day trial is up. Thankfully, it's incredibly cheap to upgrade to a premium subscription plan for just $3 per month, after which they will be able to back up their passwords and sync them securely across all their devices.
Premium users also receive prioritized customer service, though admittedly, password managers are not the kind of service that usually requires much hand-holding. On the other hand, because this is aimed at beginners and non-techies, that help may be useful to people wanting to learn how to back up, sync, autofill, and autosave passwords on the fly.
Overall, $36 per year does not seem overly costly. It is exactly the same price as the popular password manager LastPass, for example. The price is fair considering that this service has been audited and does have all the important features you would expect from a high-end password manager. And you do have the option to use it for free indefinitely as long as you aren’t a power-user with tons of devices.
On the other hand, prolonged use of the free version could result in a pretty bad headache if you are a mobile or tablet user who upgrades frequently or is prone to losing and damaging their device. And, the lack of any backup on the free version can be considered stingy - because competitors like NordPass and Myki do provide backups even on their free, single device versions.
In addition, RememBear does present free users with a reward scheme that can be leveraged to gain $6 off a paid subscription. This discount can be obtained by unlocking 5 achievements - which include sharing RememBear on social - and various other positive activities such as inviting friends to the password manager.
Finally, users can opt to pay with Mastercard, Visa, or AMEX. However, Paypal and Bitcoin are not available payment methods, which may put some people off.
Features
Setup
Getting an account with RememBear is as easy as heading over to the website and downloading the version you require. We opted for the Windows version and installed the Chrome extension - in order to test the autofill and autosave password features.
The standalone Windows client downloaded in a matter of seconds, and after agreeing to a pretty standard Terms of Service, it installed without issues. As is always the case with TunnelBear products, the installation was accompanied by amusing bear-related puns.
Following the installation, users are asked to create an account. To do so, you will need to provide an email address and master password.
As is always the case with zero-knowledge password managers, RememBear makes a big deal of reminding you to make sure you remember your master password as you cannot recover it in case of loss or forgetfulness. In addition, it does provide a backup code that is attached to the account in addition to the master password. This allows you to recover your passwords if you do happen to forget your master password.
Just be aware that if anybody gains access to this recovery code, they could easily reset your account and access all your passwords. Thus, where and how you store this code is going to be important to the safety of your passwords, and we generally recommend that you write it down or print it and store it somewhere discreetly offline.
Next, RememBear gives you the option to import logins from your computer. This is a good way to save time and ensure that you get all your previous passwords locked into RememBear from the get-go. Users have the option to import from their browser, or to import from a previous password manager using a CSV file. We opted to import via CSV.
We liked the fact that part of this process included a guide on how to export CSV files, which is a testament to this password manager’s focus on beginners. With the passwords successfully imported (and another hilarious bear joke endured embraced), the password manager prompted us to install the browser extension. So we went ahead and installed the Chrome extension.
With the Chrome extension installed, you are asked to confirm that the two codes (one in the application window, and one in a browser window) match. This is a security feature designed to ensure that the application pairs without outside influences. With that done, the installation is complete and you are ready to begin using RememBear to secure your accounts.
Ease of Use
The RememBear client is well designed and easy to look at. Clicking 'logins' on the right-hand side allows you to see all the logins that were imported during the installation phase. Next, we decided to proceed by seeing how well RememBear fared at autosaving passwords to the vault. To do so, we headed over to Facebook and were happy to find that the extension was doing its job (visible because a bear icon had appeared within the login forms). Entering our email and password resulted in the extension prompting us to save our password to the vault.
With the password saved, we returned to Facebook to test the autofill feature and are happy to see that clicking on the login form instantly provided us with access to the password from our vault.
RememBear also gives you the option to create new secure passwords using its password generator. We decided to delete our Facebook password from the vault in order to test it.
These passwords can either be created out of characters or words, and users can opt to include as many upper and lowercase characters, symbols, and numbers as they wish - in passwords up to 50 characters long. This is a great feature that will certainly make creating new secure passwords for accounts extremely easy.
Another feature we liked was the ability to check the strength of the passwords in your vault. As you can see below, a password that is made entirely of lowercase letters that is just four characters long is shown with a red bar to indicate that this password is in urgent need of being improved.
For those who need it, a password sharing feature is also available. However, if you are using the free version, clicking on Share a Bear will only allow you to share a GIF of a bear. You will need to upgrade to the premium plan in order to share passwords. In addition, you can only share passwords with fellow RememBear users, so they will need to download and install the free version in order to receive a password from your paid account.
As is the case on other password managers, the secure notes feature allows you to store notes for yourself within your vault. This feature works without issues and allows you to make notes of an undefined length.
The Credit Cards feature (just below Secure Notes) allows you to save your card details for use online and means that you do not need to worry about entering your card details every time you encounter an online shopping form.
Finally, clicking on Add a New Device allows you to sync your account onto another machine. To test this syncing feature, we decided to install the iOS version. Happily, we were easily able to use the QR code from the Windows client to sync the passwords across in an encrypted format - ready for use on our iPad.
Although there is an export feature available in settings, free users cannot backup their passwords using this feature, making cloud backups and CSV file exports completely unavailable unless you pay for a subscription. And, it is worth noting that the export feature is not even available on the 30-day trial of premium.
Overall, we found RememBear to be a software that easily lives up to its promise of being a suitable password manager for beginners.
All the most important features are instantly available, and due to the seamless integration between the extension and the stand-alone client, users are able to begin storing and recalling their passwords into forms with no effort.
The lack of password sharing and cloud backup for free users is a bit of a pain. However, this is understandable and pretty standard across free password managers, meaning it would be unfair to criticize this password manager. Still, we encourage anybody who requires those features (and like using RememBear) to get a paid subscription.
Privacy and Security
E2EE
RememBear is a zero-knowledge service with end-to-end encryption. Passwords are stored in an encrypted format, either on the user's local machine or on cloud servers controlled by RememBear. Free users do not get online backups, which means that passwords are only ever stored securely locally. Those passwords are encrypted using strong AES-256 encryption.
In addition to setting a master password for the password manager, users are automatically assigned a New Device Key (NDK). This complex code allows users to recover their passwords if they happen to forget their master password. For added security, users are able to log in to their account and request a new NDK. This is useful in case the user believes their backup code may have been compromised in some way.
Strong transport layer security
In addition to the strong end-to-end encryption that is used to secure and sync passwords, RememBear uses strong Transport Layer Security (https). We tested RememBear using Qualy SSL Labs, and we're happy to find that it scored an A+. This means that the firm implements robust SSL encryption that will help to keep your data even more secure when it is transmitted to RememBear’s servers when being backed-up or synced.
Closed source but professionally audited
Admittedly, RememBear is a closed source platform, which means that it can’t be audited freely or on an ongoing basis. In order to eschew the implications that come from closed source software, the company worked with a professional auditing firm from Germany, called Cure53. That security firm audited RememBear’s platform to check the implementation of its apps, infrastructure, servers, and encryption - to ensure that it all works as it should.
According to the report, which is available on Cure53’s website, only one critical flaw was discovered during the audit. That flaw could have permitted an attacker to exploit the autofill feature. However, we spoke to RememBear and they informed us that this vulnerability had since been patched thanks to the work undertaken by Cure53.
A dedicated penetration test by experts like Cure53 is much more thorough, immediate, and on-demand.
As a result of this audit, it seems fair to say that despite being closed source, users can feel confident that this platform has undergone proper scrutiny from a genuine auditing firm. As RememBear points out “a dedicated penetration test by experts like Cure53 is much more thorough, immediate, and on-demand” than open source testing - which can take a lot longer to pinpoint vulnerabilities (because nobody is actually being paid to thoroughly audit the platform).
Of course, some people may still prefer to use a completely open source platform. However, it seems fair to conclude that the privacy and security provided by this platform is more than adequate for most people’s needs.
Privacy policy
Next, we checked the privacy policy to ensure that it contained nothing that seemed out of place. Firstly, it is worth mentioning that TunnelBear (RememBear’s parent company) is based in Canada, and for this reason, it must abide by that country's laws. This is not an ideal place for a privacy-focused company, however, this is of little concern for RememBear thanks to its zero-knowledge stance.
The policy does state that RememBear users will have their IP address logged - both when they use the RememBear website and when they use the RememBear service. This is not necessarily problematic, but it is worth bearing in mind if you are also a TunnelBear user (as a VPN user you may prefer them not to be logging your IP at all). On the whole, however, as long as the IPs are never tied to your VPN connection logs directly - there should be no issues.
Lock feature
Finally, a lock feature is available for RememBear that ensures the password manager is not left logged in for long periods of time. Users can either lock the password manager manually or opt to have it lock up when their computer changes state, such as locking, sleeping or shutting down.
In addition, users can opt to have RememBear lock after a set period of time. For this test, we set it to 5 minutes in order to get the most security as possible. Similarly, the browser extensions are set to automatically require the master password after 5 minutes and will require the master password each and every time you restart your browser.
No Two Factor Authentication
RememBear implements 2FA that can be used with any online service that support it. This allows users to autofill a six digit 2FA code into those services. This is a cool intergrated feature that allows people to gain the added security of 2FA without having to turn to a seperate 2FA app such as Authy or Google authenticator.
Customer support
When it comes to requiring customer support for an easy-to-use password manager, the reality is that there is little that can possibly go wrong. RememBear is designed from the ground up to walk you through the process of importing and saving passwords to the vault, and the website has a good number of blogs available that explain some of the more techy details, and fundamentals for using the service.
This should be enough resources to allow most users to get the service working without issues. However, for those that need it, email support (with priority support for paying users) is available via the website. We asked a question and got a response within a 14-hour window using the free package.
Conclusion
RememBear is a password manager that makes storing and recalling passwords both secure and easy. This password manager’s design definitely makes it a good option for beginners and anybody looking for a problem-free, autofilling password experience as they browse the web.
The availability of extensions and stand-alone clients for most popular platforms makes this a good option for most consumers. And, because RememBear is available for free, most people can start sorting passwords right away. However, do bear in mind that if you do use this for free over a long period of time - you may be opening yourself up to the risk of losing your passwords as they are only saved locally and never get backed up.
The fact that this password manager is closed source may put some people off. Closed source code cannot be analyzed freely, meaning that it is hard to verify whether RememBear has patched the vulnerabilities discovered during the Cure53 audit. That means you do have to trust the firm to have done what it claims (in regards to fixing these previously-discovered issues). However, we do take RememBear at its word when it said it has patched those issues because it would seem counterproductive not to fix them. Whether you agree is completely down to you.
Overall, we found this to be an excellent password manager that gets the job done with strong end-to-end encryption and is worth testing using a free account.