7 minute read
When we started designing the security model for RememBear, we regularly asked ourselves, “What would happen if someone successfully hacked our servers?” Working from there, we removed as many attack vectors as we could. Our goal was to make sure you could sleep comfortably at night knowing your information is safe, even if someone managed to gain access to a RememBear server.
To help keep your information secure, we created RememBear Backup Kits. Your Backup Kit stores your New Device Key, your email address and your Master Password. If you don't have a Backup Kit yet, or you'd like to know more about them, this article will show you how easy it is to make a new Backup Kit, along with a quick refresher on why it’s so important.
Create your Backup Kit when you sign up
The first time you open RememBear, a majestic looking bear will ask you to create an account. You should use a strong, memorable Master Password that no one will guess, but you can remember easily.
From there, you'll be asked to "Create a Backup Kit". Follow the prompts to either write down or print out your Backup Kit. Skipping this step means you might lose access to all of your passwords when you least expect it, like if you break or lose your phone.
Create an Account
Create your Backup Kit inside the app
If you already have an account, follow these steps to quickly create a Backup Kit:
- Click the Gear icon in the sidebar
- Click Account
- Click Create Backup Kit
- Print out your Backup Kit and add your Master Password
- If you don’t have a printer, you can write your New Device Key, email address and Master Password down on paper
- Store your Backup Kit somewhere safe
- Tap Settings
- Scroll down to Account
- Tap Create Backup Kit
- Write your New Device Key, email address and Master Password down
- Store your Backup Kit somewhere safe
Create a Backup Kit
Back it on up
Your Backup Kit is important because sooner or later, you’re going to need it. Whether you stay on one device or add multiple devices to your account, you’re going to need your Backup Kit to login some day, because you can’t stay logged in forever on one device.
all it takes to protect yourself from losing all of your passwords is a little piece of paper.
Maybe you’ve just bought a new phone and need to transfer your account, but don’t have access to your old phone. Maybe your laptop is crushed by someones oversized carry-on as it rolls around in the overhead compartment. Maybe it’s as simple as iOS hard logging you out after updating because it has internal safety checks. Anything can happen. The point is, all it takes to protect yourself from losing all of your passwords is a little piece of paper.
Make a physical copy
You don't need a printer, but you do need to have some way of copying your Backup Kit. A pen and paper is fine. Be sure to copy your New Device Key, the email address you used to create your account, and your Master Password. How you create it doesn’t matter. As long as you have a completed backup kit and a safe place to put it, you’ve done a great job.
Your kit should look something like this
A quick note on fingerprint scanners
Some Bear owners, that use Touch ID or Fingerprint Scanner, have contacted us to say they forgot their Master Password because they never have to use it (I’m guilty of this too). Fingerprints are a convenient way to unlock apps, but if you’re logged out, you can’t always use your fingerprint to log back in.
It's really easy to get logged out of apps by your device now that operating system makers have started locking down app permissions to improve device security. If an app updates and your OS doesn’t recognize the new app version, your OS might need to log you out before it can reauthenticate the new version.
Without knowing your email address, your New Device Key and your Master Password, you cannot log back into your RememBear account, so unless you never update RememBear, which is a really bad idea, there's a chance your device will log you out during a future update. Be sure to keep your Backup Kit handy, and you'll be fine.
Keep your Backup Kit handy if you use fingerprint scanners
Hide your Backup Kit
Now that you have a copy of your Backup Kit, you need to put it somewhere safe. And no, writing it down in a notebook isn’t a safe place unless you put that notebook in a vault. Do not write everything down on a post it and stick it to your laptop or monitor either. Don’t save the information in a text file on your desktop either. Think of an actual, honest to goodness safe place where no one will see it, find it, or accidentally throw it out.
You can have fun with this part really. Maybe make a treasure map and hide the different pieces around your house. Wherever you store it, try your best to make it hard for someone else to understand what it is, but easy for you to access.
Put your Backup Kit somewhere safe, like an actual safe.
Do not lose your Backup Kit
If you're ever locked out of your account, we’re sorry to inform you, but there is no way to retrieve your Master Password or send you a link to reset that password. RememBear was designed to prevent as many different hacking scenarios as possible, so we never have a copy of your Master Password and password reset links can be abused very easily.
It might sound like we’re harping on about this (because we are), but if you don’t have your Backup Kit and you get locked out of your account, there is no way to get your Master Password back. Even if there was a password reset option, you’d still need your New Device Key and your email address to access your account once you’ve been logged out. New Device Keys are created and saved on your device so they never travel through the internet and we never have a copy.
If you haven’t already:
- Create a strong, memorable Master Password for RememBear
- Fill in your Backup Kit
- Check it multiple times to make sure it’s correct
- Put it somewhere you won’t lose or damage it
When that’s all finished, pat yourself on the back for a job well done and rest easy knowing that when you need it, your Backup Kit is in a safe place, waiting to help you authorize your devices.