Netflix Wants All of Us to Understand the Cost of Password Sharing

Author: Steven Hope, CEO, Authlogics

Have you ever shared your Netflix password? If so, you are not alone. But have you stopped to think about the impact it is having? Earlier this week, it was revealed that the streaming service has lost in the region of 200,000 of its 221 million global subscribers, with millions more expected to depart in the coming months. The resulting fall in the Netflix share price (at one point 35%) was a shock for many investors, but with many of us ‘boxsetted out’ by the pandemic, and a cost-of-living crisis looming for many, what can the company do to stem the tide?

It seems one of the big bugbears for Netflix is the habit of sharing account passwords and a survey conducted by time2play in the US, indicates just how widespread it has become. In fact, more than 50% of residents in 17 states including California, Illinois, Ohio, Texas, and Wisconsin, admitted to using another person’s Netflix account.

Some may argue that it is an innocent and victimless crime rather than theft. After all, Netflix’s revenue in 2020 was $24.9 billion, more than doubling since 2017, a trend not currently looking likely to continue. So, what harm does sharing a password with family and friends really do? Sure, the company may miss a ‘few’ dollars, Euro’s, pounds etc, but would those benefitting ever actually become a customer? I suspect for many the answer is no.

Speaking as someone that has spent over a decade campaigning for businesses and people in general to practice safe passwords, the Netflix situation highlights to me how little value is placed on the password, yet how costly they are. This is especially true if there is no perceived risk to the person who owns that credential. You only need to look at the lists of the top four passwords – “123456”, “123456789”, “Qwerty” and of course “Password” – to see how much effort goes into devising something un-hackable!

Poor password practice is of course not isolated to streaming services, it is commonplace in a busy workplace. How often have you said or been asked ‘Can I borrow your login details as mine are not working?’. To make matters worse, with so many people still working from home, usernames and passwords are copied and pasted into emails, SMS, and chats with little thought of the consequences.

So, when Netflix warned that prices would need to rise if the rules continued to be broken, I was struck by how they were able to communicate to the global masses in a matter of days, the link between password abuse and financial ramification, in a way that as security professionals we could never do. However, this may have the opposite effect as inflation is everywhere right now, and I suspect more subscribers may baulk at an increase, cancel and switch to using illegal logins instead to cut their household costs.

The reality is that the likes of Netflix will struggle to move to a different authentication mode other than passwords for practical reasons. Would you use a streaming service that requires you to authenticate each time they want to watch, using a One Time Password, PIN or Code for example? I think not.

While the suggestions of advertising revenue may seem to plug some of the Netflix revenue gap, they ought to tread carefully. Paying customers don’t want to see ads, and some cost-conscious paying customers may well downgrade and accept ads to save money. However, I would urge Netflix to take a close look at technologies available that could protect its content from exploitation and piracy, without compromising the user experience of those who pay for it.

Whatever Netflix decides to do, it needs to do it quickly. The more all of us feel the squeeze on our finances the more likely we are to cancel such services or be willing to participate in the illicit sharing of passwords.  But I would also urge any organisation that uses password-based logins to look at what is happening to Netflix and ask just how much is going on in your business?

Author: Steven Hope, CEO Authlogics

Authlogics is a company on a a mission is to eliminate corporate passwords and their problems. It provides a complete End-to-End Authentication solution that is quick to deploy and easy to use. The company believes that the move away from password-based authentication is inevitable which is why its is delivering real customer-ready solutions today. For more information about Authlogics visit: www.authlogics.com