Look, let’s be sincere. Password sharing is as endemic to the Netflix experience as it is to canceling your favorite show in two seasons. So when the streaming service starts testing ways to reduce this practice, it is understandable that many people who have come to expect communal accounts of course matter. And yes, it’s always annoying when a train with sauce gets off the rails. But even if it’s not Netflix’s top priority here, it’s much better to keep the password for yourself.
The limited test that Netflix introduced this week is basically a form of two-factor authentication, the kind we hopefully already have on most of your online accounts. Some users have started seeing the following prompt when settling for a binge: “If you do not live with the owner of this account, you need your own account to continue viewing.” Below is an option to receive a code via email or text message to the account owner, which you can enter to continue viewing.
“We are still learning. We are definitely in the very, very early phase, “said a source familiar with the process. “The intention is not to implement, right now, it is really to find out how we check the information, so that we can balance the balances from security issues that may arise from unauthorized sharing.”
Yes, security issues. And while Netflix’s flirtation with password-sharing repression is by no means altruistic – it’s not that someone read the terms of service, but specifies that your account “can’t be shared with people outside your household.” – It is also true that sharing usernames and passwords, even with the closest relationships, can have dire consequences.
“There seems to be a misunderstanding that exchanging passwords with people you know is not dangerous,” said Jake Moore, a cybersecurity specialist at ESET. “The truth is, we shouldn’t share passwords, and adding multi-factor authentication will help keep this process better protected.”
OK, but why? What is the real evil if I pass the password to a cousin or an unusual acquaintance? It can come in several forms. The most basic is also the most harmless: Although you might share your login with a single friend, you can’t control how many people share them then and how many people share them and continue, like an old Faberge ad. When WIRED lead writer Lily Hay Newman audited the Hulu account she mocked herself a few years ago, she found more than 90 authorized devices.
Admittedly, independent chargers primarily threaten the cohesion of the lists of recommendations. It is not the end of the world. It could also steal any personal data held by your profile.
The big problem is that the wider the password circle, the more you risk compromising your password. And given how often people reuse passwords on multiple sites and services, that means your exposure could extend far beyond Netflix.
“Because I shared your password with you and you were hacked, that killer now has my password,” says Steve Ragan, a researcher at the Internet infrastructure company Akamai. “And if I used this password anywhere else on the internet, the killer will find it and they will have access to it as well. It’s spreading. It is an aggravating problem. ”
The practice of throwing a bunch of usernames and passwords into different services to see what sticks is known as filler credentials and has hit the media industry particularly hard in recent years. Between January 2018 and December 2019, the attacks to complete the accreditations targeting the video services doubled, according to Akamai research. The media industry as a whole recorded 18 billion attempts on the same stretch. When Disney + was launched, thousands of accounts immediately appeared on dark web markets, while hackers sniffed password reusers. “In the short term, what will stop is the bulk sale of such credentials,” says Ragan.