Why you shouldn’t share your Netflix password, even with your parents
In an unpopular decision, Netflix is to start cracking down on password sharing. How will this affect user account security?
In March 2021, Netflix users logging into shared accounts reported seeing a message on the service telling them, “If you don’t live with the owner of this account, you need your own account to keep watching.”
At the time, the affected users had to input a multifactor authentication (MFA) code sent via SMS or email to regain access. However, this test was not rolled out across the wider Netflix user base, and not much more has been said about Netflix cracking down on shared passwords – until now.
Netflix begins testing paid sub-accounts for different households
On March 16th 2022, Netflix announced on its website that subscribers can add up to two sub-accounts for people they don’t live with. These sub-accounts can access Netflix via their own username and password at a lower price than a full subscription. Netflix says this will be initially tested in Chile, Costa Rica and Peru.
Michael Nathanson reported in 2019 that 14% of Netflix users access the service via a friend or relative’s account. This number is likely to have jumped during the pandemic as people were forced to stay indoors, and thanks to IP tracking, Netflix knows exactly how much money it’s losing through account sharing.
Why does Netflix care so much about shared passwords?
Back in 2016, Netflix CEO Reed Hastings seemed less worried about shared passwords, calling the practice “something [we] have to learn to live with, because there’s so much legitimate password sharing, like you share with your spouse, with your kids… so there’s no bright line, and we’re doing fine as it is.”
But with its 2021 budget for content reportedly hitting $17B, and other services like Disney+ and Amazon Prime Video taking a bigger slice of the streaming pie, Netflix has finally decided to act against multiple households using a single account unless subscribers pay for sub-accounts.
In fact, Netflix has been very transparent about this, stating, “For the last year we’ve been working on ways to enable members who share outside their household to do so easily and securely, while also paying a bit more.”
This might seem like money-grabbing to the average consumer, but it’s undeniable that there are legitimate security benefits to this perhaps unpopular move.
Poor password hygiene 101
There is no skirting around the fact that sharing your password or login details with anyone is always bad. Along with reusing the same password across multiple services or writing them on a sticky note on your monitor, it’s one of the worst things you can do with your passwords.
Let’s recap some bad password hygiene practices:
Sharing your password with others
Why? Because you have no control over anyone else’s password hygiene practices.
Using the same password on more than one service
Why? Because if the service suffers a data breach, hackers can use credential stuffing bots to automatically break into your other accounts.
Using common or weak passwords
Why? Because hackers can crack common or weak passwords in less than a second.
Writing your password down (e.g., on a sticky note or an unsecured notepad)
Why? Because anyone who catches a glimpse of it can access and abuse your accounts.
Not using password manager software
Why? Because password managers take care of a lot of the above problems for you.
Why can’t I trust my parents/best friend/cousin/dog walker with my password?
Sharing passwords amongst households increases the risk of other attacks because it simply reduces your control. You don’t know how the passwords are being stored by others or whether they’re being recycled elsewhere. You might be savvy to phishing emails or be able to tell when a web address is fake, but not everyone is as aware of these password-stealing ploys.
A report by LastPass in 2020 revealed that although 91% of users claim to understand the risks of reusing passwords, 66% did so anyway.
According to Netacea threat researcher Liam Jones, “We have come to a point where Netflix has had to act. It takes me 10 seconds to find a catalogue of stolen Netflix accounts [on the dark web], and it’s customer password hygiene that allows this to happen.”
What’s next for password sharing and authentication?
Passwords are becoming a less trusted form of authentication, at least when used in isolation. Many services are now turning to MFA as the next stage of user account security.
While MFA is seen as less easily exploited than passwords, in truth it can still be bypassed through various well-known techniques. Unfortunately, many organizations are unaware of this and have developed a false sense of security simply because they use MFA, even when their MFA practices are weak.
The best advice for consumers right now is to practice good password hygiene and use all the tools available, such as password managers and MFA where available – and don’t share your Netflix password with anyone.