Netflix made waves this week after announcing that it would start the process of squelching password-sharing with people outside of one’s specific household. While the news sparked dismay for the many who offer their parents, budget-minded friends, and adult children access to their Netflix streaming accounts, security experts note the move offers account protection upsides.

In a Netflix corporate blog post, the streaming giant specifically called out those instances where the same set of credentials is used routinely at separate home addresses: “Your Netflix account is for you and the people you live with — your household.” It then warned that it would boot offending accounts or take other action to ensure that each household is paying for its own subscription.

Many noted that this anti-sharing stance is an about-face for the company, given that in 2017 it tweeted, “Love is sharing a password.” But consecutive quarters of underwhelming profit growth do tend to spur changes at public companies, and it’s clear that Netflix is not immune to shareholder pressure as subscription growth has stagnated.

Hidden Cybersecurity Lesson in Netflix’s Password Crackdown

While the story may be primarily a business tale, security researchers note that the company is actually coming in line with cybersecurity best practices, offering a golden example of how business-to-consumer (B2C) organizations can foster better account safety among their customers.

“Even though this is a pure revenue play, the recent decision to crack down on password-sharing brings to light the significant security risks associated with this common practice,” says Craig Jones, vice president of security operations at Ontinue, noting that there are a number of risks associated with password-sharing:

  • Sharing a password undermines control over who has access to an account, potentially leading to a greater risk of unauthorized use and account compromise;
  • Once shared, a password can be further distributed or changed, locking out the original user;
  • Worse yet, if the shared password is used across multiple accounts, a malicious actor could gain access to all of them;
  • And sharing passwords can also make users more susceptible to phishing and social engineering attacks.

“Netflix’s initiative serves as a reminder for other consumer-facing businesses to educate their customers about these risks,” Jones says. “Clear communication about the implications of password sharing is crucial. Companies should emphasize that the consequences can extend beyond the shared account to any other accounts using the same password.”


Source: www.darkreading.com