Earlier this week, Netflix caused a bit of a stir as they rolled out a new way to ensure that your account is used only by those living in the same home.
A small group of subscribers were met with the following message as they settled in for a weeknight binge: “If you don’t live with the owner of this account, you need your own account to keep watching.” Below that, there’s an option to get a code emailed or texted to the account owner. To continue watching, users either have to enter the code or bite the bullet and create a new account. Regardless of why Netflix has imposed this on subscribers, whether for security reasons or profits, we were left with some more questions:
Is password sharing really that bad?
Maybe sharing the password of your account with your best friend or sister isn’t that bad. But what about when a colleague shares it with their uncle who then shares it with his friend and so on? When you add to the equation that as many as 65% of people reuse the same password for multiple or all accounts (Google) then you see the security danger that password sharing presents.
In the case of Netflix, research conducted by ESET last year found that 60% of respondents share their streaming service account details with at least one other person and one in three share their account with two or more people. Proving again, the biggest danger of password sharing is that the next person could share it with someone else. Once it’s shared, the owner has no further control over how it’s used.
Is 2-step verification enough to curb the freeloaders?
Probably not. It might rid account owners of long lost friends or an ex who still had access to their account who might not feel comfortable reaching out to get that code – but anyone else who’s in contact can easily just ask for the code. While it may be slightly inconvenient it’s not enough to push non-paying users to open their own account.
Now you could say, any additional layer of authentication is better than nothing. Implementing a 2-step verification might curb the spread but it won’t stop it completely (or solve the many other issues that passwords present). If Netflix really wants to curtail password sharing the most effective option is to go fully passwordless. If paying customers use their biometric information to login to their account there will be nothing for subscribers to share (or remember). This way, Netflix can also ensure that only the intended account holder has access. Plus, customers won’t have to deal with dreaded password resets anymore. A win for ease of use, security and Netflix’s bottom line.