
RememBear Official Launch - cyberon
https://www.remembear.com/blog/remembear-official-launch/
======
g2294994
Just for the heck of it I created a test account with their password manager
with a few honeypot accounts on a VPS server.

Within 2 hours one of the "honeypot" SSH accounts I put in my password manager
was accessed with the creds I provided in the password manager. Now I
understand there is internet wide scanning but a succesfull login with a
random 12 character username and password I had in my password safe is very
unlikely to be a random bot account.

Tomorrow I might have a bit more time to throw a few more honeypot accounts in
there and see if they attempt to login.

For the time being I would highly discourage anyone store their passwords
there.

(using a random throwaway account for obvious reasons, I don't want any
retaliation against my startup on my main account from these guys.)

~~~
PirateBay
Really sickening that this sort of stuff is going to inevitably be aggressivly
marketed to unsuspecting people. Tunnelbear(same company) is shilled extremely
hard by youtube tech content creators who should know better, to people who
trust them.

~~~
frio
Most analysis I can find (admittedly, I've only tried a few variations of the
search on Google) says TunnelBear is a relatively decent paid VPN. Are you
implying TunnelBear, the company, _shouldn 't_ be trusted? If not, why not?

~~~
computerfriend
One reason would be that they allegedly steal passwords entrusted to their
password manager.

------
yeasayer
This is suspicious. They have the VPN traffic, now they want passwords.
Encrypted of course, but still. The trust just isn't there. The company is too
young. I don't trust them just because they have great design and UX.

------
caiob
McAfee RememBear (!) How's this any better than 1Password? I'd like to hear a
compelling reason to switch besides "our app has a bear in it"

~~~
nikolay
Unfortunately, 1Password does not support 2FA for personal accounts. :(

~~~
johnd2018
Yes, they do :)

[https://support.1password.com/two-factor-
authentication/](https://support.1password.com/two-factor-authentication/)

They also support 2KSD on all hosted accounts

[https://support.1password.com/secret-key-
security/](https://support.1password.com/secret-key-security/)

Ergo: master password + secret key + OTP

~~~
nikolay
Since when, wow?! I thought they supported just Duo for their business tier! I
read all their email communication, etc., and I didn't know about this! They
need to do a better job of communicating things to customers as this is
groundbreaking!

~~~
nikolay
Oh, this is just OTP to log into my 1Password account. I was talking about
merging something like Authy into 1Password.

------
philip1209
Looks like a clone of 1Password, from the interface to pricing.

~~~
heyoni
My thoughts exactly. I was looking around thinking maybe they had some third-
party audit they could lord over 1password but they don't =\

------
ebbv
Yeah no way I’m gonna trust my passwords to the kings of unwanted bundle ware.

------
pm
Anyone have any links or experiences as to why TunnelBear/RememBear is dodgy?
I can't find anything online that's definitive.

------
favadi
How does it compare to 1Password? The price for individual is the same.

