80 likes | 86 Views
Photographs for identification purposes have strict requirements. Lighting, expression, and framing are all controlled to enable authorities to quickly and effectively use them to identify individuals reliably. But what if you created an entirely fake photograph from scratch? Thatu2019s exactly what [Raphael Fabre] set out to do.
E N D
Photographs for identification purposes have strict requirements. Lighting, expression, and framing are all controlled to enable authorities to quickly and effectively use them to identify individuals reliably. But what if you created an entirely fake photograph from scratch? That’s exactly what [Raphael Fabre] set out to do. With today’s 3D modelling tools, human faces can be created in extreme detail. Using these, [Raphael] set out to create a 3D model of himself, which was then used to render images simulating a passport photograph. Not content to end the project there, [Raphael] put his digital doppelgänger to the test – applying for a French identification card. He succeeded. While the technology to create and render high-quality human faces has existed for a while, it’s impressive that [Raphael]’s work passed for genuine human. Obviously there’s something to be said for the likelihood of an overworked civil servant catching this sort of ruse, but the simple fact is, the images made it through the process, and [Raphael] has his ID. Theoretically, this leaves open the possibility of creating entirely fictitious characters and registering them as real citizens with the state, for all manner of nefarious purposes. If you do this, particularly on a grand scale, be sure to submit it to the tip line. We’ve seen other concerning ID hacks before, such as this attempt at hacking RFIDs in Passport Cards. Answering Passport’s Age-old Question This article first appeared on the blog of Contributor Development Partnership and is republished here with permission. For a recent conference presentation, the CDP Analytics team set out to answer a question: Has Passport’s popularity resulted in station files getting younger? Our hypothesis was yes. After all, when the Passport streaming benefit first launched, we noticed right away that Passport-acquired donors tended to be younger. So more Passport donors must be leading to a younger file … right? Wrong. A hypothesis is a hypothesis for a reason! After digging into four years of data across the Member Services Bureau, we found that the average age of MSB station members in early 2017 was approximately 69 years old. We then found that the average age of members in early 2021 was … approximately 69 years old. It hadn’t changed at all. In fact, it had stayed remarkably consistent across the entire four-year time period. So how is this possible? After all, Passport is driving a significantly larger share of new donors in 2021 than in 2017. While 2017 saw 10% of all new MSB donors joining via Passport, by 2021 that has jumped to a whopping 30%. What we found is that it’s the age of Passport donors that is changing. In 2017, the average age of a Passport- acquired donor was 51. By March 2021, it was nearly 59. Why is this happening? Well, this is the point where we need to come up with hypotheses for which we don’t have clear answers in the data. But a few possibilities:
Donors will give where you ask them to give. Stations are promoting Passport much more heavily than they were four years ago. When it was first introduced, someone had to seek out Passport. Now, Passport is actively promoted to donors/prospects. That means: Donors who are aging into traditional nonprofit giving cohorts and were primed to give now have Passport as one of the most visible avenues for giving. During the pandemic, the popularity of digital engagement, and streaming services in particular, exploded. As a result, interacting online has been normalized for older donors who may have once preferred to donate via offline channels and to spend their entertainment dollars in the physical world. We’re all getting older: A donor who is 70 now is younger than a donor who was 70 ten years ago — of course. The 70-year-old in 2021 was in her 40s when the internet became popular and is much more likely than a 70-year- old even five years ago to have an email address and be comfortable using the internet. What does this mean for us as fundraisers? Well, it means it’s very important for us to use data to know who our donors are. (If you’d like CDP’s help with demographic data, get in touch!) It also means we should be open to rethinking who our “Passport donors” are and how we communicate with them. What does this mean for us as fundraisers? First, if you want to counteract the aging of your file, consider door-to- door canvassing. It’s one of the only acquisition strategies that is proven to consistently deliver younger donors. And while you’re working to build the file you want for tomorrow, make the most of the file you have today by offering services and conveniences older donors will value and appreciate. Examples include FreeWill, CDP’s online will generator that has secured http://query.nytimes.com/search/sitesearch/?action=click&contentCollection®ion=TopBar&WT.nav=searchWidget&module=SearchSubmit&pgtype=Homepage#/UK Driver's License Generator hundreds of thousands of dollars in legacy gifts for stations in just a few short months. As for Passport donors, we should be open to rethinking who our “Passport donors” are and how we communicate with them. The hopeful takeaway from these findings is that our “Passport donors” are increasingly looking like our traditional donors, not just younger streamers who think of themselves as being enrolled in a pay-as-you-go service. As the lines blur, it also stands to reason that even our philanthropic donors are more likely to associate the value of the Passport benefit with their membership to our stations — which means we’d better make sure that value stays high! Dan Atherton is associate director of business data and analytics at CDP. He has been working with nonprofits for more than 10 years to develop award-winning strategy, design BI tools and build analytics environments. Kaspersky Password Manager
Although the best-known password manager utilities once all came from one-product companies, major security software makers have since joined the field. Kaspersky Password Manager performs most of the expected password management tasks, plus it offers a permanent free version and includes useful document scanning tools. However, the service is missing other common features, such as login sharing and password inheritance. It also suffers from an inconsistent form-filling experience and a web extension that’s basic, at best. A recently disclosed vulnerability with the password generator tool (that's now fixed) concerns us as well. How Much Does Kaspersky Password Manager Cost? At $14.99 per year, Kaspersky is among the least expensive paid password managers. A paid account allows you to store an unlimited number of entries and access them on as many devices as you want. Note that Kaspersky’s fine- print identifies the $14.99 price as "Introductory Pricing for New Customers." Still, that price hasn’t changed since the product’s initial release. For comparison, Keeper Password Manager & Digital Vault is $34.99, LastPass Premium costs $36 per year, and Sticky Password Premium comes in at $29.99 per year. Dashlane's limited Essentials plan is $35.88 per year, but you need to pay $59.99 per year to get all its features. Bitwarden's Premium tier costs only $10 per year. Budget-conscious users will be glad to know that Kaspersky offers a permanent free version of its password manager. Although you get all the features of the paid version, the free versions limits you to a total of 15 items in your vault, be they logins, credit cards, notes, or documents. Most people will run up against that limitation quickly. Other free password managers do not have that limitation but are missing other features found in the paid versions. MyKi is a free option with no limits on how many passwords you can store, but it has limited form-filling capabilities. Bitwarden's free version also does not impose vault or syncing limits, but it reserves many of its security reporting features for premium users. Getting Started and Importing Passwords To set up your Kaspersky Password account, download its app for Windows, macOS, Android, or iOS. We tested the experience on a Windows 10 laptop, an Android 11 device, and Edge via Kaspersky’s browser extension. Once you install Kaspersky Password Manager on your chosen platform, you need to create or log in to your My Kaspersky account by providing an email address and password. Then, you create a master password. A master password should be strong and unguessable, but you still need to remember it. Kaspersky rates your master password’s security strength as you type it, which is helpful. Kaspersky supports two-factor authentication (2FA) logins, which greatly increases the security of your vitally important password collection. You need to log in in to your My Kaspersky Account online to set it up. Kaspersky requires you to add your phone number as one of the methods, but does support app-based authentication, for example, via Google or Microsoft Authenticator, on some platforms. Most password managers let you set up 2FA with an authenticator app, and some even support authentication via hardware keys from YubiKey or Titan, which we would like to see Kaspersky add. It should be easy for people to switch from one password manager to another; Kaspersky has decent, but not class-leading, import options. It can import from older versions of itself, 1Password, Dashlane, KeePass, LastPass, and Norton Password Manager, as well as from Chrome and Firefox, but Edge is not currently listed as an option. Other password managers, including Enpass, LastPass, and KeePas can import from more competitors. Organizing Passwords
Kaspersky Password Manager’s Windows version has a new, clearer design. The white-and-green color scheme is still present, but menu elements are better-spaced and the navigation experience feels more straightforward. We would like to see Kaspersky add a dark mode, however. Closing a pop-up section within the app occasionally caused it to stall in testing, but it never crashed completely. The app’s left-hand menu lists 11 choices: Main (new), All Entries, Websites, Applications, Bank Cards, Documents, Addresses, Notes, Password Check, Password Generator, and Additional. In the Settings section (under the Additional menu), you can configure the app’s startup behavior, change the auto-lock settings, and toggle auto- fill settings for different form types. Kaspersky lists all of its browser extensions available for download. All the software’s import and export tools live in this section, including those for creating local backup copies of your data. It's also possible to export a text file with your passwords. If you go that route, we recommend printing the file, storing the paper copy in a safe place, and then securely deleting the digital copy. Kaspersky Password's Windows App The new Main section shows vault items you've used recently as well as a list of any entry you've favorited. This page also gives you an at-a-glance overview of your passwords' strength, tallying all the strong, weak, duplicate, and compromised ones in your vault. Clicking the Learn More button takes you to the dedicated Password Check section, which we discuss in more detail later. A search bar at the top-right conveniently narrows the list as you type, showing only items that match what you've typed. The All Entries section shows everything in your vault; you choose between List and Tile views. The List view shows a left-hand column with entries in each section and selected items' details appear in a big panel to the right. The Tile view displays folders and items as rectangular tiles, which give you quick access to the entry's associated website URL, your username, and your password. To organize your passwords and other saved items, Kaspersky lets you create as many folders as you like and drag related items into them. However, these folders are only visible from the All Entries section of the interface. So, you can’t, for example, view the folder structure in the Websites section or create folders specifically for entries in that section. Kaspersky doesn't support nested folders the way LastPass Premium, Sticky Password, and Roboform do. In each section, you can add or edit items manually, plus copy any entries to your clipboard for manual filling. The Password Generator now gets its own space in the menu, whereas it was previously hidden within the Settings section. A new keyboard shortcut option (Additional > Settings > Advanced > Fast Hotkey Credentials Search) lets you calls up a simplified list with all your vault entries from wherever you are in Windows, with the option to search for and directly copy any details to your clipboard. 1Password offers a similar mini tool, but we haven't found either to be excessively useful in testing. Password Capture and Replay You need to install Kaspersky Password Manager’s browser plugins to fill web logins. As expected, Kaspersky captures your credentials when you log in to a secure site. We found that it handled both normal and standard two-page logins like Gmail's just fine. Dashlane, Keeper, LogMeOnce, and several other products let you assign an item to a folder at capture time, but not Kaspersky. Kaspersky Password Password Filling When you return to a site with saved credentials, Kaspersky fills in what it has. If you've saved more than one set of credentials, it displays your choices in a menu near the login field. Kaspersky combines logins for the same site under the same entry, but lets you add names for each account, which is https://passportgeneratoronline.com
useful for keeping them organized. Kaspersky's autofill capabilities worked fine in testing. Security Check Getting all your passwords into the password manager is an important step, but if they're all easy-to-guess or the same complex one, you haven't accomplished a lot. To take full advantage of a password manager, you must upgrade all those weak and duplicate passwords. Kaspersky helps with that process. For a security check of your stored passwords, click the Password Check menu item in the desktop app. Here, Kaspersky lists all your compromised (those that appear in the HaveIBeenPwned database), weak (those that are too simple and easy to hack), strong, and duplicate passwords. It even ranks your bad passwords by severity, which is helpful, for example, if you want to only tackle a few password changes at a time. LastPass, Keeper, and Dashlane, among others, offer actionable password strength reports, too. Kaspersky's Password's Password Check Section If the password is compromised, weak, or a duplicate, you should change it. Kaspersky provides a Change Password button that takes you directly to the affected site. When Kaspersky detects a typical password-change page, with one field for the old password and two for the new, it helps you create a strong new one via the password generator. Just click the key icon in the new password filed to generate a new one. Keeper offers similar functionality. Kaspersky defaults to creating 12-character passwords, which is on the short side. We usually recommend 16 characters or more. Since you don't have to remember the password, you should make it reasonably long and complex. Kaspersky's tool can generate a password of any length up to 99 characters, but requesting a longer password doesn't change the default behavior. On the plus side, Kaspersky defaults to generating passwords using all four types of characters: uppercase letters, lowercase letters, digits, and symbols. Myki Password Manager & Authenticator defaults to generating 30-character passwords, which is impressive. A Resolved Security Flaw Recently, the Ledger Donjon security research team disclosed serious vulnerabilities with Kaspersky Password Manager's password generator tool. The group found that although Kaspersky Password Manager used a complex method to generate its passwords and the created passwords would be difficult for standard password crackers to break, Kaspersky's method was more vulnerable to dedicated tools. Another issue stemmed from Kaspersky's pseudorandom number generator (PRNG), which generated values based, in part, on your device's system time. The report explains that this "means every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second." You can read all the details in Ledger Donjon's full report. Kaspersky issued an advisory about these vulnerabilities earlier this year and the latest version of the software is not affected by them. If you had used Kaspersky Password Manager to generate passwords, we recommend you update all those accounts with newly generated passwords immediately. Filling Forms Like many password managers, Kaspersky includes the ability to save personal details and payment options and use them to fill web forms. You can define as many addresses as you need, saving details such as a name, physical address, email address, and phone number; Kaspersky supports up to two email addresses and phone numbers per entry. 1Password offers far more identity options and the ability to create custom fields. RoboForm Everywhere allows multiple entries for any data field.
You can also add one or more bank cards. In addition to basic information like the card number, CCV, and cardholder name, Kaspersky includes slots for details such as the issuing bank, that bank's customer service numbers, and your PIN. Bank cards display as a card image, using the color and bank name you selected. Dashlane goes one step beyond this, adding the logo for the chosen bank to the image. Kaspersky Password's Address Form When you ask Kaspersky Password Manager to fill bank card data on a website, our Kaspersky contact says it checks whether the site is a phishing site and whether it uses a secure HTTPS connection. The software also displays a confirmation window with the full URL of the page. This helps you avoid giving away that data on a fraudulent site. Without the convincing images and realistic page appearance, you're more likely to notice if a URL says "bankofarnerica" rather than "bankofamerica." Obviously, you should avoid giving payment details to sites that aren’t spelled correctly. When you come to a web form that needs address or bank card information, Kaspersky should just fill the relevant information (after verifying the sites authenticity). In testing, this auto-fill feature didn't work consistently. Sometimes it only partially filled out forms and other times it didn't detect any fields at all. Application Passwords and Secure Notes Most password managers stick to handling passwords for your numerous secure websites. Kaspersky, like Sticky Password, LastPass, KeePass, and a few others, can manage your application passwords. However, Kaspersky doesn't auto-enter your saved passwords the way KeePass and LastPass do. Rather, you must copy and paste the essential information. Kaspersky saves non-electronic secrets like padlock combinations and identification numbers in the form of secure notes. You just enter your unformatted information and Kaspersky syncs these notes across any of your account device. LastPass takes this concept further, with predefined templates for various types of secure notes, among them health insurance data, software licenses, and Wi-Fi passwords. 1Password allows markdown formatting in its notes on its macOS and mobile apps. Secure Storage Kaspersky includes encrypted cloud storage for several document types, such as Driver’s Licenses, Passports/IDS, Bank Cards, Insurance Cards, and Contracts. There’s also an Other category for miscellaneous uploads. As mentioned, the free edition allows you to maintain a total of 15 items (logins and documents combined). A paid account grants you unlimited storage. Kaspersky converts all images to the JPEG format. Oddly, an image we uploaded and categorized as a Bank Card did not show up in that dedicated section in the desktop interface. Keeper Password Manager & Digital Vault and LastPass also include storage options. Kaspersky Password's document scans
The most interesting thing about Kaspersky's storage capability is the ability to automatically analyze files on your computer and hoover up documents. You review the list and check off those you want to protect. You can conveniently categorize them before import. After uploading them to secure cloud storage, Kaspersky offers to delete the insecure originals, bypassing the Recycle Bin for security. In past tests, it picked up images even with confusingly formatted text. We are impressed by this feature and haven’t seen anything similar in competing products. Our contact at Kaspersky said that this search retains no information about your files. Other Platforms and Web Access Kaspersky Password Manager keeps everything in sync whether you install it on a Windows, macOS, Android, or iOS devices. The Windows and macOS editions are roughly parallel, and the mobile editions come as close as operating system constraints allow. We appreciate the cross-platform consistency. Kaspersky's macOS app also gets a revamped design and support for M1 processors. Another change is that macOS users can now copy vault items directly from the browser extension in Safari. Like LastPass and 1Password, Kaspersky supports TouchID and FaceID authentication on iOS devices and fingerprint logins on Android phones. On both platforms, you can snap photos directly to encrypted online storage. You can also snap payment cards, but Kaspersky doesn't convert the image into a payment card entry, the way Keeper does. As for what's new, the Android version gets a dark theme, the desktop app's Password Check feature, and autofill support for 10 new browsers, including Chrome, Edge, Firefox, Opera, and Vivaldi. The iOS app now lets you combine existing scanned documents into a single file, too. Kaspersky Password Browser Extension Passwords, addresses, and other saved items are accessible online within the My Kaspersky portal. You need both your My Kaspersky account credentials and the master password you created to log in on the web. You get full access to view and edit your passwords and other data here. Make sure you configure the timeout settings on the web application; you wouldn’t want to leave your passwords unprotected. Kaspersky’s web extensions (available on Chrome, Edge, Firefox, and Internet Explorer) are lackluster, since you can’t actually copy information from most entries, let alone directly edit their details. Clicking on a Bank Card or Address, for example, just opens the desktop application. You can click on passwords to navigate to and log in to saved sites, but that’s about it. Other password managers’ extensions allow you to copy details, edit items, and add new entries independently of the desktop app. Sharing and Inheritance Dashlane, LastPass, Keeper, and LogMeOnce let you securely share login data with other users. RoboForm, Password Boss Premium, and several others deal with the problem of passing on your credentials in the event of your demise. Kaspersky lacks both password sharing and inheritance features. To compete with contemporary password managers, Kaspersky desperately needs to add these capabilities. Basic Password Management Kaspersky Password Manager’s user interface is pleasant and easy to understand, and we like how it scans for and stores documents. However, Kaspersky doesn’t include password sharing or inheritance options, nor does it support hardware-based 2FA. We’d like to see improvements to its organization features, a more consistent form- filling performance, and enhanced capabilities for its web extensions too. The now-disclosed (and since-resolved)
flaw in Kaspersky Password Manager's password generator tool leaves us wondering what else may also need to be fixed. If you got the password manager as a component of Kaspersky Total Security or Kaspersky Security Cloud, you can rely on it for basic password management. For a little more cash, far more powerful password management solutions are available. Keeper Password Manager & Digital Vault offers secure storage for important files in a clean, simple user interface. Dashlane, too, sports an easy-to-use interface, despite its wealth of advanced features. Both apps go well beyond Kaspersky's feature set, and both are PCMag Editors' Choice products for password management. Our top picks for free password managers are Bitwarden and MyKi, neither of which have significant syncing or vault limitations. Editors' Note: We are aware of the allegations of Kaspersky Labs' inappropriate ties to the Russian government. Until we see some actual proof of these allegations, we will treat them as unproventreat them as unproven, and continue to recommend Kaspersky's security products as long as their performance continues to merit our endorsement.