products - bitdefendercentralhub

How to manage subscription costs

Oleh bambang raharjoDiposting pada September 12, 2023

Digital wellbeing isn’t just about privacy and protection against online scammers and equipment failure. It’s also about having some level of control over our social networks, our screen time, and what we spend on digital services. These outlays are increasingly taking the form of subscriptions. Sure, recurring payments have long been the standard for cell phone billing, music and video streaming services, watching TV and reading online magazines and newspapers, but these days you can sign up for pretty much anything, including delivery of regular consumer goods — like socks or coffee. In many cases, a subscription is the only way to get hold of apps, games, and other online stuff — ever more services are switching to this model, and the number of subscriptions is snowballing. Even automakers are getting in on the subscription game, and soon it might not be possible to turn on the seat heating or use the sat-nav without subscribing to the respective service.

Almost everyone underestimates their subscription costs. According to this fascinating survey, the average American thinks they spend US$86 per month on subscriptions, when the real figure is a whopping US$219! And besides online, there are other recurring payments: mortgages, loans, utility bills, public transport, gym memberships and the like, all of which need to be budgeted so you don’t suddenly find yourself broke.

Monthly subscription costs: expectation versus reality. (Source)

As trite as it sounds, how to save money couldn’t be simpler: cancel subscriptions you don’t use. No less than 42% of respondents admitted to having stopped using an app or service and then forgetting to stop paying for it. Even active subscriptions, renewed for years without change, become less economical over time: by changing your plan to a newer one, applying a promo code, or looking at competitors, you can save a lot.

But more often there’s another problem: 74% of users forget when payment is due. If the subscription auto-renews, it can burn a large hole in your pocket. If you pay manually, forgetting could result in termination of the service. And that can spell trouble if it’s your phone or something equally important.

Free trial

Another common way to accidentally fork out is by subscribing to apps and services that offer a free trial period. The service takes your card number on sign-up, but doesn’t charge you. After a week, month or whatever length of trial period, the first payment falls due. If during this time you decide the service is not for you, what are the chances you forget to go into the settings and cancel the subscription? As practice shows — very high. Such user forgetfulness is now being exploited by less-than-squeaky-clean developers who sell apps on the App Store and Google Play with exorbitant monthly fees (for example, US$90 per month for a regular calculator!). Such apps are known as fleeceware.

How to manage subscriptions properly

To get the most out of your subscriptions, plan your outlays carefully, never pay for unnecessary services, and follow a few simple rules:

Make a general list of subscriptions so you know exactly what, when and how much you’re paying.
Update the list as soon as you subscribe to a new service. Bear in mind that renewing a subscription may be cheaper or more expensive than the first payment — check the small print!
Check the list on a regular basis (say, monthly) to plan your spending for the coming month.
Checking regularly will help you remember to cancel subscriptions you don’t wish to renew. Note that to cancel a subscription it’s usually not enough to simply uninstall the app — you need to go to your personal account or to a special subsection of the App Store/Google Play to cancel it.
Keep an eye out for sales and promotions, such as Black Friday. They often give discounts on subscription renewals.

Despite their outward simplicity, all these tips have one major drawback: they require a high level of self-discipline and attentiveness. They involve record-keeping and list-updating, and not everyone will have the time or inclination. But there is an easier, more convenient way — in the shape of a specialized subscription management service. Speaking of which, Kaspersky Product Studio recently released such an app, called SubsCrab.

SubsCrab helps you manage subscriptions and save money

SubsCrab makes it easy to keep a list of subscriptions, remember when and how much to pay, and find ways to economize.

A single glance at the SubsCrab home screen will provide all subscription details for the current month, as well as monthly outlays, due dates, and the cost of each subscription

You can add all your subscriptions to the app in one of two ways:

Manually. You yourself select subscriptions from a long list of paid services and payment plans. There are already more than 4000 subscription services and 11,000 related plans in the database.
Mailbox scan. The app searches your mailbox for emails from all known services, and automatically determines the plan and payment date. Email data is not sent anywhere; all processing takes place on your smartphone.

Adding a new subscription to SubsCrab couldn’t be simpler

Future app updates will add two more methods:

Bank statement scan. This feature will only work in the U.S. and some EU countries using the Open Bank API, which is supported by around 15,000 banks. As with email scanning, subscriptions will be searched for locally, and no transaction data will leave your smartphone.
Screenshot scan of subscription page in the App Store or Google Play.

Thereby, the app also makes it easy to add new subscriptions as soon as they appear.

When all your subscriptions are in SubsCrab, the app will remind you about upcoming payments, show your total spending for the selected month or year, and help with general budget planning.

Never miss a payment with SubsCrab Push notifications

Click or tap on any subscription and you’ll see its current settings, but it’s the bottom of the card that’s the really interesting part. That’s where discount promo codes get published, plus a list of alternative services that do the same job. If you want to cut costs, you can try switching to one of these competitor services or find out how to unsubscribe.

Cards are a handy source of subscription details, alternatives, and promo codes

It might sound odd, but SubsCrab itself is a subscription service. The free version lets you manually enter subscriptions from the database, choose alternative services, and get reminders and statistics.

The paid version of SubsCrab can automatically find subscriptions in your mailbox, as well as maintain and analyze multiple subscription lists — for different family members or different tasks (entertainment, work, health, etc.); only this version gives you access to promo codes for tasty discounts on your favorite subscriptions.

And if all this helps you cut costs and take control of hundreds, perhaps thousands of dollars you spend annually and unaccountably on subscriptions, the juice is worth the squeeze.

#manage #subscription #costs

Built-in authenticator in Kaspersky Password Manager

Oleh bambang raharjoDiposting pada Agustus 21, 2023

More great news: our recently updated Kaspersky Password Manager now has a built-in function for generating one-time codes for two-factor authentication (2FA). This means no more installing a separate authenticator app — everything you need is right there in our password manager. Now for a few details…

What’s an authenticator?

On this blog, we focus quite a bit on 2FA — app-generated one-time codes in particular. Over the past couple of years, we’ve posted a whole series of materials on this topic, the most important of which make for highly recommended reading:

In a nutshell, you need 2FA to better protect your accounts, so we recommend enabling it on all services that support it. In our view, one-off codes generated in special authenticator apps strike the best balance between security and usability. Such a code must be entered after the regular password, and because it’s valid for a limited time (usually no more than 30 seconds), it’s extremely difficult to intercept.

The 2FA method is both quick and smooth, provides a high level of protection, and requires no additional input or time investment on the part of the user. Before, 2FA meant having an authenticator app on your device — either Google Authenticator or any other that suits you. Now, however, there’s no need to install an additional app: you can generate codes right inside Kaspersky Password Manager, where your passwords are already stored securely. Let’s take a look at the advantages of our built-in authenticator.

1. Familiar interface with cross-platform convenience

Kaspersky Password Manager generates one-time codes in a familiar user-friendly way: in the special Authenticator section is a list of tokens with names and short descriptions, next to which one-time codes appear and a time counter ticks away until the next update of these codes. That’s similar to how it works in other apps, so you’ll have no trouble switching to Kaspersky Password Manager if you already use another authenticator. That’s an obvious advantage, but far from the only one.

A massive plus compared to other authenticators is that Kaspersky Password Manager gives you a universal, cross-platform, all-in-one solution — the app stores your passwords and generates one-time codes on whichever platform you prefer: computer or phone. Kaspersky Password Manager is available not only for Android and iOS, but also for macOS and Windows (support for 2FA code generation in Windows will be added in an upcoming update). The Windows version is especially important: if you’ve read our post about the best authenticator apps, you’ll have noticed that Windows is rather poorly served.

2. Synchronization and security

Next advantage: all Kaspersky Password Manager entries (passwords, notes, authenticator tokens, etc.) are automatically synchronized between all your devices. This allows you to generate an authentication code on any device you’re currently using.

Synchronization uses the cloud, of course, but with maximum security and convenience. For one thing, you don’t have to create an extra account — a My Kaspersky account is all that’s needed, which you already have if you use any of our products. And for another, all authentication tokens are securely protected by the main password, without which no intruder can use your passwords or authenticator — even if they do somehow get inside your My Kaspersky account.

3. Don’t have your smartphone to hand? No problem!

Users of other authenticator apps face the eternal nightmare of leaving behind or, worse, losing their smartphone: recovering authentication tokens is so difficult that we even wrote a special step-by-step guide for that. Now, because Kaspersky Password Manager securely stores your tokens (and with them all passwords) in encrypted form in the cloud, you can use the authenticator at any time on the device you’re using, as well as restore all data on a new device; all you have to remember is your main password.

4. Easy migration

Lastly, one other advantage of the built-in authenticator in Kaspersky Password Manager is quick and easy migration of all data from Google Authenticator. All you need to do is export all tokens from Google Authenticator to one large QR code in the usual way, then scan it in Kaspersky Password Manager — everything will work right away.

As far as we know, no other authenticator app makes it so easy to migrate data from Google Authenticator; the process usually involves lots of sweat and tears as you painstakingly recreate all your tokens one by one. But with Kaspersky Password Manager, four taps on the screen are literally all it takes.

What else can Kaspersky Password Manager do?

Let’s wrap up with a few words about some other useful features in Kaspersky Password Manager besides unbeatable password protection and the new built-in authenticator. This handy app can also:

Autofill data in online forms — and not only usernames and passwords, but other information such as addresses and bank card details.
Warn you if your password is too weak, was used before, or has been compromised in a known leak.
Generate the strongest passwords possible based on customizable random character combinations.
Securely store important documents, bank card details, and any other highly valuable information (for example, cryptowallet seed phrases).
Encrypt all stored data with the robust AES-256 algorithm. The encryption key is created from the main password and is not stored anywhere, so without the main password it’s simply impossible to decrypt the contents of Kaspersky Password Manager.

Incidentally, the recent update of Kaspersky Password Manager added not only a built-in authenticator, but also support for Opera and Opera GX browsers. So now you can autofill passwords and other data in all the most popular browsers out there: Chrome (and others based on Chromium), Safari, Firefox, Edge, and now Opera.

And remember, the full version of Kaspersky Password Manager comes included in the Kaspersky Plus and Kaspersky Premium subscriptions, along with the most reliable protection possible, unlimited VPN, and a host of other useful features.

#Builtin #authenticator #Kaspersky #Password #Manager

Are browser-stored passwords secure? | Kaspersky official blog

Oleh bambang raharjoDiposting pada Agustus 15, 2023

Browser-stored passwords save you from having to re-enter them each time, which is a real time-saver. But how safe is it? This post explores three reasons you shouldn’t store passwords in your browser, and why you should use a much more secure storage method: a password manager.

1. Password stealers

The core problem with storing passwords in browsers is that they sacrifice security for usability. This holds true for at least the three most popular browsers: Google Chrome, Mozilla Firefox, and Microsoft Edge, all of which store user passwords in a highly insecure way.

The reason is that all browsers store passwords in a very predictable place, in a folder whose path is no secret to anyone. And although the passwords themselves are encrypted, the encryption key is stored close by and readily accessible. Armed with this key, an attacker can decrypt and steal passwords. A farcical situation: the door appears to be securely locked, but the key is under the doormat, and the whole world knows it.

In fact, browsers use this state of affairs to compete with each other: to make it easier for users to switch, they often offer to import all saved data from the old browser, including stored passwords.

Any guesses who else is using this feature? That’s right. There is an entire class of malware (appropriately called password stealers) dedicated to credential theft. This malware sifts through folders known to contain browser-stored passwords, finds the key under the doormat, then decrypts the passwords and uploads the loot to the cybercriminals’ server. Later, these passwords are usually databased and sold in bulk on the dark web to other crooks who use them to hijack accounts (narrow specialization has long been the norm in the cybercriminal world).

To understand how easy it is to steal passwords stored in a browser, we recommend watching a demo video that clearly shows how to quickly extract passwords from Chrome, Firefox, and Edge using nothing more than a Python script.

Extracting passwords from Google Chrome, Mozilla Firefox, and Microsoft Edge

Demonstration of how to extract passwords stored in Google Chrome, Mozilla Firefox, and Microsoft Edge. (Source)

2. Physical access to the computer

It’s not just specially trained malware that can get up to this sort of mischief, but anyone with physical access to your computer. And no sophisticated hacking skills are required – scripts for exfiltrating browser-stored passwords are readily available online. All that is required is to run them.

Even an overly curious relative or work colleague could do this if you leave your computer unlocked. Or a hacker visiting your office on a scouting mission. Basically, anyone. The important point is that all your passwords stored in the browser will end up in potentially hostile hands.

And even if the intruder doesn’t have the right script to extract passwords from the browser-saved file, they can scour the settings for the list of sites for which passwords are stored, and then log in to one of them to read your correspondence, for example, or find out other secrets about you.

The world’s most popular browser (Google Chrome, in case you didn’t know) doesn’t even have a basic mechanism to prevent such actions. And while the Firefox developers were good enough to let users protect saved passwords with a primary password, they left this option disabled by default. The primary password must be explicitly enabled and configured, and it is unlikely that many Firefox users even know about it.

3. Browser account hijacking

The following problem is common to all browsers that allow users, for their convenience, to create an account to synchronize browsers on different devices. This means that bookmarks, browser sessions, extensions, settings, as well as saved passwords are all synchronized and stored in the cloud. And if a hacker gets inside your browser account, all they have to do is log in on another computer using the same account. Then all your accounts whose passwords are stored in the browser – from social networks to online banks – are there for the taking.

Why a password manager beats a browser

Like browsers, Kaspersky Password Manager remembers your credentials and lets you auto-populate them when logging in to websites. But unlike browser developers, we don’t compromise on security. In our password manager, the primary password is used by default and cannot be disabled – all your saved passwords are protected at all times. So even if someone gains physical access to your computer, they will not be able to simply log in to sites using the credentials stored in the manager. To do that, they would need the primary password, which no one but you knows (unless you stuck it to your screen on a sticky note).

Another advantage of Kaspersky Password Manager is, of course, that all passwords are stored only in encrypted form. And, crucially, we don’t keep the decryption key “under a doormat”. The encryption key is generated on the fly using the AES-256 algorithm on the basis of the primary password, which allows us not to store it at all. Anywhere. Ever. So even if a stealer manages to get onto your computer, it won’t be able to steal anything – all your passwords are securely encrypted. Incidentally, if you use Kaspersky Password Manager as part of Kaspersky Premium, we won’t even let the malware in.

One last thing. Naturally, we use the cloud to synchronize passwords between devices – all your passwords are linked to your My Kaspersky account. But even if an intruder were to somehow gain access to this account, your passwords stored in Kaspersky Password Manager would still be perfectly safe. That’s because in the cloud they are stored exclusively in encrypted form, and the decryption key is generated on the basis of the primary password, which only you know and without which attackers are toothless.

We’ve also recently updated Kaspersky Password Manager to support the Opera and Opera GX browsers, which continue to win over new users. That means we now support all the most popular browsers: Chrome (and Chromium-based browsers), Safari, Firefox, Edge, and Opera.

#browserstored #passwords #secure #Kaspersky #official #blog

Tag: products