Look, let’s be fair. Password sharing is just as endemic to the Netflix experience as canceling your favorite show two seasons later. So when the streaming service starts testing ways to curtail that practice, it understandably takes the many, many people who share common accounts for granted. And yes, it is always annoying when a gravy train derails. But even if it’s not Netflix’s top priority here, it’s much better to keep your password to yourself.
The limited test Netflix introduced this week is basically a form of two-factor authentication, the kind you hopefully already have on most of your online accounts. Some users start to see the following prompt when they get into a binge: “If you don’t live with the owner of this account, you need your own account to keep watching.” Below that, there’s an option to email or text a code to the account owner, which you can enter to continue browsing.
‘We are still learning. We are definitely in the very, very early stages, ”said a source familiar with the trial. “The intention is not to enforce at this point, but to learn how to verify the information so that we can weigh the scales against security vulnerabilities that may arise from unauthorized sharing.”
Yes, security issues. And while Netflix’s flirtation with password-sharing crackdowns is by no means altruistic – not that anyone has read the terms of service, but it does indicate that your account “ shouldn’t be shared with anyone outside of your household ” – it is true that sharing usernames and passwords with even your closest relations can have unpleasant consequences.
“There seems to be a misunderstanding that sharing passwords with known individuals is not dangerous,” said Jake Moore, a cybersecurity specialist at security firm ESET. “The truth is, we shouldn’t share passwords, and adding multi-factor authentication keeps this process more protected.”
Ok but why? What is the real harm if I pass my password on to a cousin or not so casual acquaintance? It can come in different forms. The most basic is also the most harmless: although you only share your login with one friend, you can’t control how many people they share it with, how many people those people share it with, and so on. , like an old Faberge commercial. When WIRED senior writer Lily Hay Newman checked the Hulu account she herself bellowed from a few years ago, she found more than 90 authorized devices.
Granted, freeloaders primarily threaten the consistency of your recommendation lists. It’s not the end of the world. However, they can also steal any personal information from your profile.
The much bigger problem is that the bigger the password circle gets, the greater the risk you take personally that your password will be compromised. And given how often people reuse passwords across multiple sites and services, that means your exposure goes well beyond Netflix.
“Because I shared my password with you and you were hacked, that criminal now has my password,” said Steve Ragan, a researcher at Internet infrastructure company Akamai. And if I used that password elsewhere on the Internet, the criminal will find it, and they will have access to it too. It spreads. It’s a complicated matter. “
The practice of throwing a bunch of stolen usernames and passwords at different services to see what is known as credential padding, and it has hit the media industry particularly hard in recent years. According to research by Akamai, the number of attacks against video services doubled between January 2018 and December 2019. The media industry as a whole saw 18 billion attempts along the same trajectory. When Disney + launched, thousands of accounts immediately appeared in dark web markets when hackers tracked down the password reusers. “What will stop this in the short term is the bulk sale of these types of references,” says Ragan.