Is Netflix Really Cracking Down on Password Sharing? Plus, the Dos and Don’ts of Sharing Any Password.
Is the streaming giant actually going to kick grandma off your account? Plus, the best way to share passwords with anyone, anywhere.
Recent reporting that Netflix was starting to crack down on password sharing sent shivers down the internet’s collective spine. The concern is warranted, as research shows many of us would be caught out if such a policy were widely enacted. According to research firm Magid, 33% of subscribers to streaming services (not just Netflix) share their passwords with other people. (And password sharing, in general, isn't a narrow phenomenon—it's also rampant in the workplace for professional accounts.)
If that statistic is accurate, that means about 66 million of Netflix’s reported 200+ million subscribers are sharing their account with at least one other person. Analysts estimate that this sharing “costs” Netflix $6.2 billion in unrealized revenue. But changing their policies or even just trying to enforce what’s already there could end up being more trouble than even $6.2 billion is worth.
Netflix’s password policy problem
Password sharing isn’t unilaterally against Netflix’s terms of service; their policy is against sharing “beyond your household.” Analyst Nat Schindler says that of Netflix-specific subscribers, 26% self-reported sharing passwords, with fully half of that number asserting that they were sharing with family members who live in multiple locations. Does that still count as a household?
The speculation about the crackdown arose after some customers reported seeing the in-app message “If you don’t live with the owner of this account, you need your own account to keep watching.” This indicates a narrower definition of “household” than perhaps many have. After seeing the message, customers had the option to verify with a two-factor authentication (2FA) code that they owned the account, to buy their own plan right then and there, or to complete this verification later. (Nothing stopped a customer from verifying the account by contacting the actual account owner for the 2FA code.)
Who would a crackdown on password sharing really hurt?
Netflix has long acknowledged password sharing as a somewhat-inevitable pitfall of their business model. CEO Reed Hastings has even remarked that some account sharing is a “positive thing” and that it’s something Netflix has to “learn to live with.”
It seems pretty clear now that this rumored crackdown was (and is likely to remain) simply a test. Netflix may find that just prompting people to verify might be enough of a nudge to get some to subscribe even if the enforcement is ultimately toothless.
It’s likely, too, that Netflix realizes that their affable, accessible, consumer-friendly brand would be harmed by a move that many would characterize as curmudgeonly. A password-sharing crackdown on a service that’s explicitly for entertainment would definitely garner backlash after a year of increased economic hardships for consumers, when many were affected by joblessness and other pandemic-related financial strains. And with the streaming giant’s 2020 revenue coming in at $25 billion dollars, sympathy for the corporation’s “plight” would likely be in short supply.
Faced with the added pressure of increased competition from relatively new streaming services like Disney+, Netflix might be making a careful calculation: Would the potential profits from additional subscriptions outweigh the hit to brand reputation as indignant customers jump ship in an increasingly commoditized streaming space? With brand a more important differentiator than before, the answer is most likely no.
It will probably not surprise you that a password management company like Dashlane doesn’t recommend sharing passwords willy-nilly. There’s a way to share passwords as securely as possible, and then there’s the way most people share passwords.
Giving another person access to any online account you own is risky for several reasons:
- The person you share with might have malicious intent. We’re not trying to scare you, and this is probably rare. But it’s not outside of the realm of possibility that if you reveal a password to someone, they have full access to your account, can see everything inside it, and can change the password and lock you out of it! Now, if you reuse that password elsewhere, this person also has access to those accounts. (Cue the scary music.)
- You can’t control other people’s digital hygiene. Even if the person you share a password with is trustworthy, what about someone they choose to share that password with? What if they write it down on a sticky note and leave it on their work computer? What if they leave your account logged in in a public place? Even without malicious intent, fully revealing passwords to anyone significantly increases your “attack surface”—the open avenues by which someone could hack or compromise your accounts.
- Your sharing method might be unsecure. Let’s imagine that not only is the person you shared with trustworthy, but they’ve also taken a sacred oath by the light of the last full moon to never share that password with anyone else, nor write it down, nor leave your account logged in on their device, etc. Even then, if you emailed them that password and someone hacks your company’s email, your password is still compromised. If you shared it in a text message and you lose your phone, same story.
It’s important to stress that any time you give someone access to an account you own, you’re taking a risk. However, there are ways to share a password that are much more secure (and even more convenient) than sending it to someone in plaintext. You’re going to be absolutely shocked, but the answer is:
You should only ever share passwords through a password manager.
Why? Here are 5 great reasons:
- The password stays encrypted when you send it. If you’re sharing a password in Dashlane with someone else using Dashlane, the password remains encrypted while it’s being sent and is only ever decrypted locally on your device.
- You can limit the ability to view the password while still giving access. As we mentioned, if you’re ever giving someone full access to a password, even in a password manager, they’ll be able to see it and therefore change it. If you share it with “limited” rights, however, that means that their Dashlane app will autofill it and can log them in using it, but they’ll never be able to see the actual password in plaintext. All they’ll see is dots in Dashlane and in the password field, but the login will still work like magic.
- You can revoke access at any time. Nasty breakup? Switching roommates? Someone leaving your company? Simply use your password manager to revoke access to any shared credentials and carry on with your day without a worry. (You can learn more on the importance of secure sharing with coworkers and teams.)
- If you need to change the password, you don’t need to reshare it. What’s more annoying than needing to use a shared password and realizing that someone changed it and didn’t tell you? (Or maybe you’re the annoying person who changed it and forgot to tell people!) Instead, just update the credential in Dashlane and everyone you’ve shared it with will get the update automatically.
- You can ensure that any password you share is super complex and unique to that account. One of the best things about using a password manager is that when you no longer have to remember every single last password, you can afford to make every password a long, complex, randomized string of characters. In other words: strong and practically uncrackable. Upping the complexity of every password and “sandboxing” every account by never reusing passwords between accounts is the best practice for your personal digital security.
Even if you don’t currently share your Netflix password within (or “beyond”) your household, you can still share any password safely and easily using an app like Dashlane.