Netflix's Password-Sharing Ban Offers Security Upsides

The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.

A photo of a desk with a mobile phone showing the Netflix logo.
Source: kasinv via iStock

Netflix made waves this week after announcing that it would start the process of squelching password-sharing with people outside of one's specific household. While the news sparked dismay for the many who offer their parents, budget-minded friends, and adult children access to their Netflix streaming accounts, security experts note the move offers account protection upsides.

In a Netflix corporate blog post, the streaming giant specifically called out those instances where the same set of credentials is used routinely at separate home addresses: "Your Netflix account is for you and the people you live with — your household." It then warned that it would boot offending accounts or take other action to ensure that each household is paying for its own subscription.

Many noted that this anti-sharing stance is an about-face for the company's position, given that in 2017 it tweeted, "Love is sharing a password." But consecutive quarters of underwhelming profit growth do tend to spur changes at public companies, and it's clear that Netflix is not immune to shareholder pressure as subscription growth has stagnated.

Hidden Cybersecurity Lesson in Netflix's Password Crackdown

While the story may be primarily a business tale, security researchers note that the company is actually coming in line with cybersecurity best practices — offering a golden example of how business-to-consumer (B2C) organizations can foment better account safety amongst their customers.

"Even though this is a pure revenue play, the recent decision to crackdown on password-sharing brings to light the significant security risks associated with this common practice," says Craig Jones, vice president of security operations at Ontinue, noting that there are a number of risks associated with password-sharing:

  • Sharing a password undermines control over who has access to an account, potentially leading to a greater risk of unauthorized use and account compromise;

  • Once shared, a password can be further distributed or changed, locking out the original user;

  • Worse yet, if the shared password is used across multiple accounts, a malicious actor could gain access to all of them;

  • And sharing passwords can also make users more susceptible to phishing and social engineering attacks.

"Netflix's initiative serves as a reminder for other consumer-facing businesses to educate their customers about these risks," Jones says. "Clear communication about the implications of password sharing is crucial. Companies should emphasize that the consequences can extend beyond the shared account to any other accounts using the same password."

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights