Look let’s be honest. Sharing passwords is as endemic to the Netflix experience as having your favorite show canceled two seasons later. So when the streaming service starts testing ways to restrict this practice, it understandably pisses off many, many people who expect communal accounts as a matter of course. And yes, it is always annoying when a joy train leaves the tracks. But even if it’s not Netflix’s top priority here, it’s much better if you keep your password to yourself.
The limited test that Netflix introduced this week is basically a form of two-factor authentication, the kind you expect to have in most of your online accounts. Some users began to see the following warning when settling for a spree: “If you don’t live with the owner of this account, you need your own account to continue watching.” Below that, there is an option to get a code via email or text message to the account owner, which you can enter to continue watching.
“We are still learning. We are definitely in the early stages, ”said a source familiar with the test. “The intention is not to impose, now, it is really to learn how we verify the information so that we can balance the balance away from security problems that can arise from unauthorized sharing.”
Yes, security problems. And while Netflix’s flirtation with the password sharing restriction is by no means altruistic – not that anyone has read the terms of service, but specifies that your account “cannot be shared with people outside your home” – it is also It is true that sharing usernames and passwords with even your closest relatives can have dire consequences.
“There seems to be a misunderstanding that sharing passwords with people you know is not dangerous,” said Jake Moore, a cybersecurity expert at security company ESET. “The truth is that we shouldn’t be sharing passwords, and adding multi-factor authentication will help keep this process more secure.”
OK but why? What is the real problem if I pass my password to a not so casual cousin or acquaintance? It can come in some forms. The most basic is also the most innocuous: Although you can share your login with just one friend, you cannot control how many people they share it with and how many people they share it with, and so on, like an old Fabergé commercial . When WIRED senior writer Lily Hay Newman audited the Hulu account that she herself had been exploring for a few years, she found more than 90 authorized devices.
It is true that profiteers mainly threaten the cohesion of their lists of recommendations. Not the end of the world. They can, however, also steal any personal data that your profile contains.
The much bigger problem is that the wider the password circle, the greater the risk that you personally take that your password will be compromised. And given the frequency with which people reuse passwords on various websites and services, this means that their exposure can extend far beyond Netflix.
“Since I shared my password with you and you were hacked, that criminal now has my password,” says Steve Ragan, a researcher at the Internet infrastructure company Akamai. “And if I have used this password anywhere else on the internet, the criminal will find it and will have access to it too. It spreads. It is a complex problem. “
The practice of throwing a bunch of stolen usernames and passwords across various services to see what has stalled is known as credential filling and has hit the media industry particularly hard in recent years. Between January 2018 and December 2019, credential filling attacks targeting video services doubled, according to an Akamai survey. The media industry as a whole saw 18 billion attempts in the same period. When Disney + was launched, thousands of accounts immediately appeared in the dark web markets, as hackers sniffed out password reusers. “In the short term, what this will prevent is the mass sale of credentials of this type,” says Ragan.