Look, let’s be honest. Password sharing is as endemic to the Netflix experience as having your favorite show canceled two seasons in. So when the streaming service begins to test ways to reduce this practice, it naturally annoys the many people who have come to expect joint accounts. And yes, it’s always boring when a sauce train goes off the rails. But even if that’s not Netflix’s top priority here, it’s best to keep your password to yourself.
The limited test presented by Netflix this week is essentially a form of two-factor authentication, the type you hopefully already have on most of your online accounts. Some users have started to see the following prompt when they settle in for a frenzy: “If you don’t live with the owner of this account, you need your own account to keep watching.” Underneath there is an option to email or SMS a code to the account owner, which you can enter to continue watching.
“We are still learning. We are certainly in the very early stages, ”said a source close to the trial. “The intent is not to apply, right now it’s really to learn how we verify information so that we can balance the scales of security issues that can result from unauthorized sharing.”
“There seems to be a misconception that sharing passwords with known people is not dangerous,” says Jake Moore, cybersecurity specialist at security firm ESET. “The truth is, we shouldn’t be sharing passwords, and adding multi-factor authentication will help this process stay better protected.”
Ok but why? What’s the real problem if I pass my password on to a cousin or not-so-simple acquaintance? It can take many forms. The most basic is also the most harmless: although you can share your connection with only one friend, you cannot control how many people they share it with afterwards, and how many people those people share it with, and and so on. , like an old man Fabergé advertising. When WIRED lead writer Lily Hay Newman audited the Hulu account that she herself was mocking a few years ago, she found more than 90 authorized devices.
Of course, freeloaders mainly threaten the cohesion of your recommendation lists. This is not the end of the world. However, they could also steal all the personal data from your profile.
The much more serious problem is that the larger the circle of passwords, the more you personally take the risk of your password being compromised. And given how often people reuse passwords across multiple sites and services, that means your exposure could extend far beyond Netflix.
“Because I shared my password with you and you got hacked, this criminal now has my password,” says Steve Ragan, researcher at Internet infrastructure company Akamai. “And if I have used this password elsewhere on the Internet, the criminal will find it, and there will be access as well.” It’s spreading. It is an aggravating problem.
The practice of throwing a bunch of stolen usernames and passwords at various services to see what the sticks are known as credential stuffing, and this has hit the media industry particularly hard in recent years. Between January 2018 and December 2019, ID jam attacks targeting video services doubled, according to an Akamai study. The media industry as a whole experienced 18 billion attempts during the same period. When Disney + launched, thousands of accounts immediately appeared in the dark web markets as hackers sniffed password reusers. “In the short term, what’s going to stop is the wholesale of such credentials,” says Ragan.