RememBear, a product of the same team behind TunnelBear VPN, is a decent password manager that fails to offer an alternative to its higher-ranked competitors due to a lack of features. However, as its devs are working hard to remedy this, expect a higher ranking soon.
Free plan available
If it weren’t for a lack of core features, RememBear would easily earn a spot in our best password manager guide. It’s easy to use, cheap and built around a secure infrastructure, to boot. Even so, its lack of functionality makes it a tough sell for power users, despite offering a good free plan.
In this RememBear review, we’ll go over everything we liked and didn’t like after spending some time with it. We’ll discuss features, pricing, user friendliness, security and support before giving our verdict.
If you’re wondering about the strange spelling of the product’s name, this is due to RememBear coming from the same den as TunnelBear, one of the best free VPN providers out there. However, as you can read in our TunnelBear review, that service also lacks some advanced features.
We like RememBear for beginners as it’s dead simple to use thanks to its relative lack of features. If you need to recommend a password manager to someone who isn’t familiar with tech, this is the one you should go to.
However, for anyone looking for capabilities such as password sharing, you’re better off elsewhere.
- Easy to use
- Solid security
- Fast support
- Free plan
- Lacking features
- Mediocre paid option
RememBear launched in April 2018, so it’s definitely the new kid on the block. It’s clear that the application’s focus is security and usability and, from our testing, that focus paid off. However, some features fell by the wayside.
While we would trade usability for features any day, this compromise shouldn’t need to be made for a paid product. Even as the newcomer, RememBear is lacking core functionality that a modern password manager should have.
The paid version comes with multi-device sync and password backup, but that’s it. RememBear is missing vault sharing, emergency access and more. While we’re content with how well syncing and backup works, we’d like to see more features that allow RememBear to distinguish itself from the password manager crowd.
Sticky Password, for example, focuses on options like USB export, offline sync and local network sync, making it a great choice for techies (read our Sticky Password review). RememBear struggles to maintain parity with even mediocre password managers, much less stand out from the crowd.
The lack of features is embarrassing, especially on the paid plan.
The application isn’t bad, though, as long as you’re willing to compromise on features. The browser extension’s password generator offers more functionality than most. You can specify overall length, number of digits, capital letters and symbols.
While it gives you more control over the passwords you generate, it’s still a random bunch of characters that you’re never going to remember. That’s the purpose of RememBear, after all.
Outside of passwords, RememBear can store secure notes and credit cards. Each entry has a field for notes underneath it, too. Password and credit card storage is expected, but we’d prefer storage space for addresses over notes. The best note-taking apps exist for a reason, after all, and quick access to addresses makes more sense, here.
RememBear doesn’t feel rushed in its usability, but it does in its feature set. The worst omissions are password sharing, address storage and two-factor authentication options. Other password managers at this price point come stock with these features and build on top of them with unique offerings.
RememBear Features Overview
RememBear has a simple pricing model that’s in line with other password managers. The Premium plan, while inexpensive, doesn’t offer the punch of other providers. 1Password, for example, offers a more impressive feature set at the same price (read our 1Password review).
1-year plan $ 3.00 / month
$36.00 billed every year
As mentioned in the previous section, RememBear is a new product, and its light touch on features doesn’t stack up against more evolved options on the market. The Premium plan doesn’t make sense until RememBear expands its scope.
The free plan is pretty good, though. You get unlimited password storage on a single device with support for all entry types. It’s missing multi-device sync and vault backup, but, for free, we can’t complain.
Premium allows you to sync your passwords and backup your vault. Even so, it doesn’t hit the mark set by other password managers at this price. 1Password is a great example, but so is Dashlane, which offers features like a universal password changer, dark web monitoring and single-point VPN for only a couple of dollars more (read our Dashlane review).
RememBear’s pricing isn’t bad, even without the extras that Dashlane includes. The problem is that core functionality is missing, even with the paid plan. There’s no 2FA support, entry sharing or emergency access.
These features may be added in the future, but they’re not offered now, so we can’t hold our breath.
For all of the missing features, RememBear isn’t a bad password manager. The user experience is a testament to its worth in the market, and easily our favorite aspect.
There are three things that happen during setup. First, you’ll be instructed to save a backup kit. The backup kit is the only way you can recover your account if you forget your master password. The kit includes your email address, master password and device key, which you can use to authenticate your account on a new device should you lose your current one.
After saving or printing your backup kit, you’ll be prompted to import passwords from your browser. Dashlane is the only other password manager we’ve encountered that asks you to do that during setup.
While other password managers support browser import after install, Dashlane and RememBear are among the few that do it during setup. Configuring the installation this way allows you to get up and running with the password manager immediately.
Finally, you’ll be asked to install the extension in Chrome, Firefox or Safari, if you’re on a Mac. This three step process isn’t time consuming, and allows you to use the password manager without any additional configuration. RememBear walks you through the core setup steps, making it simple for even the most tech-deficient.
After completing the installation steps, you’ll be brought to the achievement screen in the UI. Achievements are awarded for completing different actions in RememBear. The beginning list of six is for the desktop application, but more achievements will be added as you expand to applications on other devices.
Achievements don’t give you any rewards, and that should be something RememBear considers in the future. They still serve a practical purpose, though. By displaying achievements immediately after installation, new users can quickly become acquainted with the different areas of the service.
Adding a new device to your plan is one of the achievements. RememBear will ask what type of device you’re adding and, if it’s mobile, display a QR code. After downloading the RememBear app on iOS or Android, you can scan the QR code to authenticate.
The Desktop UI
The desktop application is basic. All navigation is handled with the collapsable left-side menu. The top four options are for different entry types. There’s “all items,” “logins,” “secure notes” and “credit cards.” You can view your discarded entries in the trash option below that.
Clicking on your vault entries will show your username, password, URL and password strength, as well as the last time the entry was modified. You can find your entries by sorting them alphabetically, by most recently added or by using the search bar at the top of your list.
There’s no way to organize your vault outside of sorting your entries. RememBear doesn’t support folders, tabs or tags. Our test import contained 113 passwords, which isn’t an uncommon amount, and RememBear offered no way to segregate them outside of entry type.
You can find what you’re looking for by searching, but making sense of the data stored in your vault is important, too. We like the folder-based approach of LastPass more (read our LastPass review).
RememBear could benefit from such a system.
Below your entries and trash is the achievement and device menu, each of which explains itself. At the bottom of the menu, you’ll find the settings button. Here, you can import passwords from a csv, install the browser extensions, generate a new backup kit and export your data.
The Browser Extension
The browser extension doesn’t offer much functionality outside of auto-fill. Inside the extension, you can view all of your entries, but you can’t edit them. Attempting to do so will open the desktop application where you can make edits.
Clicking on an entry directly will launch the corresponding site and automatically populate your information.
Whenever you land on a payment portal or password entry field, a bear symbol will appear. Clicking on the bear will expand the valid entries for the field type and URL you’re on. If you’re signing up for an account, you can generate a password in the extension, and RememBear will automatically add it to your vault.
We like the password generator and snappy auto-fill here. Even so, a web-based UI or editing capabilities in the extension would help the browser experience.
RememBear uses a similar security model to 1Password, in which you need a master password and device key to authenticate and unlock your vault. RememBear has zero-knowledge of your master password, meaning it’s never seen or stored on servers.
Your master password couldn’t be compromised as part of a data breach for that reason. If someone were to learn your master password through other means, though, they could access your account. That’s where the device key comes in.
Your New Device Key (NDK) is generated when you install RememBear for the first time, and you can view it inside your backup kit. You won’t need to enter this key each time you login, as it’s only purpose is to authenticate a new device.
In the previous section, we discussed setting up the app on mobile devices using a QR code. The QR code contains your NDK, which authenticates that device for use. After scanning the code, you’ll still need to enter your master password.
The NDK ensures that authentication happens on the device separate from your master password. The NDK verifies the legitimacy of your device, and your master password is used as a final check.
RememBear uses end-to-end encryption with top-notch AES-256, which means that data never leaves your device or RememBear’s servers without first being encrypted. Encryption and decryption happen on your device, so it’s unreadable to RememBear or anyone who may intercept it during transit.
That’s because of RememBear’s authentication structure. It uses a key exchange known as Secure Remote Password (SRP). SRP allows your device and RememBear’s server to agree on a shared secret, which in this case is a series of cryptographic calculations, to validate you.
Your master password is never exposed to the server, even in hashed form.
The “handshake” that happens, then, is more secure. Even if a Man in the Middle attack was staged, the attacker wouldn’t have access to login credentials, encrypted or not.
RememBear is confident enough in its security structure to allow Cure53, a penetration testing company, to evaluate it and post their findings. (read our what is penetration testing guide). The testing occurred during August 2017 when RememBear was first released into public beta.
Four vulnerabilities were found, along with a few miscellaneous issues that are unlikely to be relevant. Three of them focused on DDoS attacks. The most relevant is a vulnerability where someone on the same network as you could request to access your vault and, if you allowed it, see your information.
As this attack requires user input, it’s less of a concern.
RememBear quickly patched all issues that Cure53 pointed out, which is a good sign.
The security structure is sound, though. There’s no risk of a data breach because your master password, nor any of its hashes, are sent or stored on RememBear’s servers. When and if 2FA is implemented, this will be one of the better security models offered by a password manager.
Support isn’t a major concern for password managers, and this couldn’t be more true than it is with RememBear. The application is rock solid, so there shouldn’t be many issues that would require support.
If you need something, though, you’ll find it in the knowledgebase. You can access it by clicking the “help” icon in the top menu anywhere on RememBear’s site. There are five categories in the knowledgebase, with a sixth reserved for contact options.
The topics are basic, such as syncing RememBear and viewing your billing history. Each section lists all of the articles in a collapsed form. Clicking on one will expand it, making it easy to find what you need without waiting for separate pages to load. The topics are fully covered, too, many with details for multiple operating systems.
As is common for password managers, direct support is restricted to email. However, unlike some of its competitors, RememBear allows free users to reach out. There’s a 48 hour reply window, but our experience was much faster. RememBear got back to our test inquiry in the same hour.
The support system, like the user experience, is simple. We wouldn’t mind more options, though, such as video tutorials or a forum. Even so, the support team is quick to respond and the knowledgebase suffices for most issues.
RememBear is a cheap, easy to use password manager that loses points from a lacking feature set. Even so, it’s highly secure, and you’re unlikely to find an easier to use password manager on the market.
It’s best used as a recommendation. There are a lot of people who want to recommend a password manager to their tech-deficient loved ones. The de facto option has been LastPass, as it’s easily the best free password manager available.
RememBear could dethrone it, though, at least for that market. There’s little in the way of features, but for basic password management on multiple devices, it’s really good. If you’re shopping personally, though, you’ll probably want to read through our other password manager reviews.
What do you think of RememBear? Let us know in the comments below and, as always, thanks for reading.