RememBear is a password vault and manager that can be synced across devices on the go. It is a simple, nonsensical password security app from the makers of the TunnelBear VPN.
Emphasizing on the company’s philosophy of simple, easy-to-use privacy apps, RememBear fits the bill perfectly. For a non-technical person, an innocuous question may pop up in their mind about Google Chrome, Firefox or even Edge having a similar feature to store your website credentials and even bank login details in recent times. While this may seem like an easy way out, it does involve some serious risks and that’s where the password manager/vaults come in.
These apps are designed to keep data intruders and hackers at bay while providing a safe haven for our login credentials, pins which have grown exponentially in number in this digitization and technology-centric era. RememBear is a password vault/manager designed for beginners and users who are looking for an uncomplicated, swift method of storing login credentials. Their lack of features in the premium plan can irk many users but it is a frontrunner in the freeware segment where reliability and optimization are put above all the shmancy features.
Conclusion
RememBear is a no-nonsense, easy-to-use password vault whose MVP is simplicity. Non-technical users would be in awe of the ease of operations. It is probably the easiest password manager on the market right now, along the lines of LastPass. Adding a third-party cloud backup feature could sweeten the pot for a lot of users. The makers have promised the addition of several features in the past year since its beta launch.
We hope that they will listen to the customers because they are not exactly wrong about it. Paying customers want something more than synchronization, something that LastPass offers in their free plan. RememBear will have to do a little better than that. The lack of solid features for premium users could be the only thing holding them back from being a real threat to the market leaders like LastPass and Dashlane. This password vault has all the ingredients of being amongst the top password managers out there. We are counting on TunnelBear’s developers to charm us further.
After installing RememBear, you get a prompt for registration. As soon as you are done with it, a prompt for Import Logins appears on the screen of your desktop client.
You get two options in Import Logins, namely the import from another password manager and the Import from browsers.
The first option requires an exported CSV-format document generated from other password managers. You can either browse manually through your files and folders or use the DRAG and DROP option to drop it inside the window. The second option is effortless per se. The moment you click on this option, it shows a list of passwords from different web browsers. Often times, login credentials are duplicated due to various reasons. This can be overcome as the software gives you the option to deselect certain passwords from the list.
The feature to deselect certain LOGIN CREDENTIALS also comes in handy in a scenario where you want to keep certain unimportant passwords with the web browser itself to avoid cluttering the essential ones. If you want to keep the login credentials of some Internet surfing profiles limited to the browser itself, you can simply untick the checkbox that is positioned next to each of your installed web browsers.
The import option can also be accessed at a later time from Settings > General
Note: The import option is available for the Windows and Mac desktop clients only.
Export data
Exporting data is as simple as it gets. Head over to Settings > Account and click on the Export option. A CSV-format document is generated in a cell-based table formatted style, with separate columns dedicated to individual credential entries.
It is a feature that I thoroughly missed in the LastPass software, which ordinarily opens a new HTML blank page with generic form data separated by commas.
Inactivity Lock
We all have been guilty of leaving our devices unattended at times, which can result in unwarranted access to folks with whom we do not wish to share certain information. The inactivity lock is a neat feature for users who like the logout option on an automation basis.
What we found this password manager to be lacking is the feature to conceal passwords and other login credentials from a simple hover on the i button as they become visible once you enter the master password on the login screen. Some of their rivals like LastPass and StickyPassword have the option to re-prompt for entering the password when performing certain actions. I will talk about the security aspect of this later on.
You may need to share LOGIN credentials from time to time. The need for this kind of feature has gained popularity among businesses where collaborative work is essential. The desktop app has the option to share your login credentials for different websites. All you need to do is to click on the SHARE button next to a particular set of LOGIN details and you will get a shareable link that can be shared with anyone. Once the receiver opens the link, it will self-destruct the confidential information (read LOGIN information) thus making the link unusable for others.
Note: Links expire after 48 hours after creation.
There have been arguments about the security aspect of this feature, something that is debatable. The mere access to a link by an intruder can lead to a severe compromise of sensitive digital and intellectual property of a user. I tried the sharing feature of LastPass and StickyPassword (both of them in PREMIUM trials). To my utter disappointment, neither one of them went as I had imagined and both failed to provide access to the receiver. I have contacted their respective customer support regarding the issue. We will discuss that aspect later on in this article.
Backup-Kit
Forgetting the password to access YOUR passwords can be one of the worst nightmares that anyone can have. The Master Password, though strong and complex in nature can sometimes be forgotten by the holder. For such cases, there is a need for a backup plan to recover the vault. Fortunately, RememBear has that feature in the form of a Backup-kit. It is a 30 digit alpha-numeric key that can be either printed as PDF or simply jotted down on a piece of paper, it’s up to you. Keep it confidential and in a secure location from where it can be retrieved at a later time without any hassle.
Remember, this is the last and only infinity stone that can recover your Master Password and help gain access to your LOGIN details. Team Thanos, anyone?
Web Browser password sync with the Desktop app
The web browser extensions are synced with the Desktop client and smartphone app. This is a crucial feature for instances where a user might forget to lock the vault on their Desktop. If this happens, they can also lock it from their smartphone app of the vault.
Secure Notes and Credit Cards
Apart from website LOGINS, credit card information and written notes can also be secured. They are fairly simple to add. Notes have a title and a description of up to 6000 characters. Oblivious to the fact of the character limit, I put in 40,000 characters. This resulted in the app freezing for some good 10 seconds and then ultimately crashing. The credit card option can add any card information such as the PIN number, expiry date, zip code etc. with a cute little notes box to jot some additional information along with the card details.
The app is fairly simple and neat, free from clutter of any kind. On the login page, you are greeted by an animated dynamic bear which is an engaging tiny touch to the otherwise boring page. The installation process is fairly simple and generic. First-time users get a prompt for registration and the option to set the Backup-Key for the cases when they may forget their master password and want to regain access to the vault.
Meanwhile, returning users must validate their new device with the New Device key that can be found under Settings > General.
All the options (logins, secure notes, credit card, etc.) are given on the collapsible sidebar on the left side. Adding user credentials, notes, and credit/debit card information in RememBear is the amongst the simplest I could find on any similar app, and on par with LastPass, if not even better in some aspects.
Head over to the bottom part of the app’s window and click on add new. A drop-down menu consisting of 3 options – Credit Card, Secure, and Login – will pop-up on the screen. You know what to do next. The All Items option displays all the LOGINS and Notes that have already been added by the user, in a brief headline oriented manner. All the login credentials can be accessed from here.
You need to select any of the LOGIN information that you want by a single click on the name as set by the user. All the information stored will appear on the screen.
It is easy to add a new login manually
You can either copy any of the information from there or access it by clicking the launch URL button, which is given in the subset form below the name of the LOGIN CREDENTIAL. Below the user credential/notes, there is information about the date of creation and date of modification of the credentials/notes. If you go further down, to the bottom right, you can find the option to edit/trash (delete) the respective note/LOGIN.
The Search option is present to facilitate navigation. Searching for any character present in your user credentials/notes will display results accordingly. This is convenient in instances where a user might not remember the title of a user credential/note. There are two options for dealing with redundant logins/credentials.
The Move to Trash option can be used when there is ambiguity about the future relevance of the note/login. Use the Delete Permanently option only if you are sure about its redundancy. Both options can be accessed by a simple right-click on the note/user credential.
Note: Deleted notes/login can be found in the Trash folder and restored until it is permanently deleted by the user.
You can choose to access either of the three kinds of user credentials from their exclusive dedicated table of credentials by selecting the respective option from the left sidebar. The desktop app also has the option to automatically lock the app after a pre-set time of inactivity, as set by the user. The pre-set time of inactivity can range from 5 minutes to 1 day.
Web browser extensions are login-synced with the desktop app, meaning that the desktop app needs to be logged in to be able to access the option in the browser. You can also sort your user credentials/notes by alphabetical order, recently used, recently updated. This option is positioned below the Search bar.
The computer resources used like RAM and processor power usage are on the lighter side of the spectrum as compared to competitors like StickyPassword and others. I might add that this app is on x64 bit while StickyPassword is an x32 bit app.
The mobile app UI is neat and undemanding. Everything you need is on the screen, ranging from adding user credentials to a leftward sliding menu, similar to the desktop app.
Deleting is effortless on the app. If you swipe right on a credential, it will end up in the trash folder on your desktop app. However, the Trash folder would be useful on the mobile app. The RememBear browser, powered by Google Chrome WebKit, gets the job done. The tabs experience is above average and is able to handle resource-intensive web apps.
You can set your default search engine, clear your browsing history or request a desktop site. The functionality and feel are similar to the incognito mode of Google Chrome for Android. Autofill is the feature that I can get behind. As the name suggests, it auto-fills the user credentials on web apps. If you are not a fan of autofill, then the floating-coin-shaped RememBear quick access toolbar on the screen for quick access does the job as well.
Talking about security, there is a login option based on a numeric pin-code available for users who don’t like typing their complex passwords on a touchscreen every time. Fans of dark backgrounds on screens will appreciate the dark theme of the app instead of the default off-white theme. The dark theme is easy on the eyes and reduces battery consumption. Logging into the smartphone app on a new device for the first time requires scanning a QR code by the app from the desktop client for existing users.
The desktop web browser is available for Google Chrome, Mozilla Firefox, and Safari. The extension for Chrome should also work for Opera as both are built on the same web-kit. The desktop client must be active at all times in order for you to access the extension/add-on on your web browser. This can irk certain desktop cybernauts who spend a lot of time on the Internet using their web-browsers. Adding 2 extra steps for accessing your password can be infuriating.
RememBear might lose its edge against modern-day web browsers who have the capability to autofill and store confidential information, apart from user credentials. On the other hand, LastPass allows password-prompt-based quick access to vault items which is the way many of us would like.
Clicking on the RememBear icon displays a small square-ish popup with one-click access to your stored credentials. There is a search option available, which is convenient for locating your passwords. The extension’s Autofill feature reduces the workload of your web-browser. You can only view the entries inside the extension. Editing them requires the desktop or smartphone app.
Talking about features, the password generator is something that caught my eye. It does a fairly competent job in suggesting a secure password. You get two options of either using words or random characters. Random-character passwords can be further customized on the basis of length, the number of digits, commas, etc.
RememBear’s security model is similar to the one of LastPass, StickyPassword, and 1Password. It needs a Master Password to unlock your vault and a device key to authenticate your device. They use zero-knowledge encryption, which means that the decryption key of your master password cannot be opened by a third party. Therefore, there is no way for anyone to know your Master Password. If somehow anyone gets wind of your master password, then the NDK (New Device Key) comes into play which is needed to authenticate a device, verifying the legitimacy of your device.
RememBear uses end-to-end AES256 US-military standard encryption for its application. Data is encrypted at all times, which means that it is encrypted when it passes back and forth through the RememBear servers while syncing (premium version). The encryption and decryption happen only on your devices. RememBear or server transit intruders cannot read the data.
Tip of the hat to RememBear’s security structure for using Secure Remote Password (SRP). This allows the RememBear to verify your password without actually knowing it. The service and your device agree on a “shared secret” (based on cryptogenic calculations) to pass those values back and forth to prove the legitimacy of the vault login without revealing the password to their servers.
In 2017, TunnelBear, the parent company of RememBear conducted a security audit. Cure53, a security penetration company was given the job of finding flaws and issues. All of the found issues were fixed and Cure53 was invited again to analyze further issues. They were also given WHITE-BOX testing access to find vulnerabilities in different builds of their app.
The seamless and neat user experience signifies the fact that we can rely upon the user-friendliness of RememBear, even though the premium version lacks features. After the installation, you are asked to save a backup-kit. The back-up kit is essential for recovering the vault, as we discussed earlier. Without the Backup kit, it would be impossible for the user to recover the vault. RememBear has emphasized on that on numerous occasions. After that, a prompt for importing passwords from web browsers appears. It makes the user’s initial impression a seamless experience without any hitch. The achievements serve the purpose of familiarizing the user with a variety of features that the app has to offer. It covers all the basics of general usage. They play a pragmatic role in training the users about the features and general operations of the application.
For an app as simple as RememBear, support is not really necessary but the icing on the cake. However, if you need anything, you will find it in their “Help” section. Basically, there are five sections in the support section with a search box to navigate and browse through the support articles. The sixth section is for contacting them, in case you are not able to find what you are looking for.
We tried the option of contacting them by sending an email and over Facebook
Here is what we sent them: “My Chrome plugin is not installing. Whenever I try to load it, it fails to respond and shows no error whatsoever. Kindly help.”
Facebook support was a few hours quicker than email support. Both of them suggested the same method and the issue got resolved. We also contacted LastPass to compare the response time and the quality of the tech support. It took them twice as much time to respond. We might have to cut them some slack though, given the large number of support requests they probably receive on a daily basis.
Sync across devices – Synchronization of data across authenticated devices in real-time helps to access passwords and credentials on the go.
Secure Backup of Data – Encrypted backups are stored on RememBear’s servers. They can be accessed anytime from any authenticated device with their app.
Prioritized support – Front of the queue in support ticket resolution and dialogue. Who likes waiting in line? No one. We hope that they stay true to their commitment in the future as well.
Marcus is a cybersecurity analyst with a focus on VPN and proxy services. As the founder and driving force behind a prominent VPN and proxy website, Private Proxy Guide, Marcus has emerged as a trusted authority in the digital realm. With a passion for staying ahead of evolving cyber threats, he has played a pivotal role in educating and empowering individuals and businesses to safeguard their online presence.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
