Netflix’s crackdown on password sharing has a silver lining



[ad_1]

Look, let’s be honest. Sharing passwords is as endemic to the Netflix experience as canceling your favorite show for two seasons. So when the streaming service begins to test ways to reduce this practice, it’s understandable that the many people who have come to expect joint accounts as of course. And yes, it’s always boring when a sauce train goes off the rails. But even if that’s not Netflix’s top priority here, it’s best to keep your password to yourself.

The limited test presented by Netflix this week is essentially a form of two-factor authentication, the type you hopefully already have on most of your online accounts. Some users have started to see the following prompt when they settle in for a frenzy: “If you don’t live with the owner of this account, you need your own account to keep watching.” Underneath there is an option to email or SMS a code to the account owner, which you can enter to continue watching.

“We are still learning. We are certainly in the very early stages, ”said a source close to the trial. “The intent is not to apply, right now it’s really to learn how we verify information so that we can balance the scales of security issues that can result from unauthorized sharing.”

Yes, security concerns. And while Netflix’s flirtation with cracking down on password sharing is by no means altruistic – no one has read the terms of service, but it specifies that your account “cannot be shared with people on the Internet.” outside your household ”- it’s also true that sharing usernames and passwords with even your closest connections can have dire consequences.

“There seems to be a misconception that sharing passwords with known people is not dangerous,” says Jake Moore, cybersecurity specialist at security firm ESET. “The truth is, we shouldn’t be sharing passwords, and the addition of multi-factor authentication will help this process stay better protected.”

Ok but why? What’s the real problem if I pass my password on to a cousin or not-so-simple acquaintance? It can take many forms. The most basic is also the most harmless: although you can share your connection with only one friend, you cannot control how many people they share it with afterwards, and how many people those people share it with, and and so on. , like an old Fabergé advertisement. When WIRED lead writer Lily Hay Newman audited the Hulu account she owned a few years ago, she found over 90 licensed devices.

Of course, freeloaders mainly threaten the cohesion of your recommendation lists. This is not the end of the world. However, they could also steal all the personal data from your profile.

The much bigger problem is that the wider the password circle, the more personally you take the risk of your password being compromised. And given how often people reuse passwords across multiple sites and services, that means your exposure could extend far beyond Netflix.

“Because I shared my password with you and you got hacked, this criminal now has my password,” says Steve Ragan, researcher at Internet infrastructure company Akamai. “And if I have used this password elsewhere on the Internet, the criminal will find it and there will be access as well. It’s spreading. It is an aggravating problem. “

The practice of throwing a bunch of stolen usernames and passwords at various services to see what sticks is known as credential stuffing, and it has hit the media industry particularly hard these last years. Between January 2018 and December 2019, ID jam attacks targeting video services doubled, according to an Akamai study. The media industry as a whole experienced 18 billion attempts during the same period. When Disney + launched, thousands of accounts immediately popped up in dark web markets as hackers sniffed at password reusers. “In the short term, what’s going to stop is the wholesale sale of credentials like this,” says Ragan.

[ad_2]

Source link