Netflix Can Cut Off Moochers Without a Password-Sharing Crackdown

Credit to Author: Lily Hay Newman| Date: Wed, 20 Apr 2022 18:09:04 +0000

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

Netflix has been trying to crack down on password sharing for more than a decade. But in the last year, and more strongly this week, the company has given serious signs that the party is almost over. Rather than indiscriminately curtailing this beloved latitude, though, Netflix could make some basic tweaks to cut down on freeloaders without snubbing longtime customers who just want to help out a friend. 

In a letter to shareholders on Tuesday, the streaming giant said it had a net loss of about 200,000 subscribers this quarter, from 221,840,000 down to 221,640,000. And Netflix is projecting that those numbers will keep sliding down to roughly 219,640,000 people in the second quarter of 2022. The company estimates that there are more than 100 million additional households, including more than 30 million in the US and Canada, mooching off of paid accounts.

Netflix's stock plunged on Wednesday morning, and the company is clearly in triage mode. 

“I feel like Netflix is in crisis-reaction mode and taking a large pendulum swing in one direction, but they haven't given users the necessary tools to address it first,” says David Kennedy, CEO of the incident response consultancy TrustedSec. “Even just warnings saying, 'this doesn't seem like you' could be a better approach than taking a hardline stance against shared accounts.”

The shareholder letter says that Netflix's “relatively high household penetration—when including the large number of households sharing accounts—combined with competition, is creating revenue growth headwinds” and that it plans to get back on track  “through improvements to our service and more effective monetization of multi-household sharing.”

One basic thing Netflix could do to curb the number of people using shared accounts is to add a list in Settings of all the devices an account is active on, with the ability to select which to keep and which to cut. That way, the owner of the account could easily prune the list—logging out devices they don't recognize and the Roku at the Airbnb they stayed at last year. Currently, Netflix only provides a log of devices that have recently used the account and the option to log out every device at once. 

Sure, disconnecting every device linked to your Netflix account is a great way to purge and start fresh. It's also a pain to deal with, and unlikely to be an appealing option for most Netflix users. That's why giving users the ability to choose which devices remain connected is a simple way to whittle down the 100 million moochers to something more reasonable.

Since in many cases people don't actually know the password to the random Netflix account they're using for free, simply letting users boot off unknown devices from their accounts would probably be enough. If Netflix really wanted to make this system work to its advantage, it could force a password reset and automatically reconnect every device a user selects. That way, users have an easy way to clean up their list of connected devices, and Netflix has a surefire way to curtail runaway account sharing.

Rather than going this route, though, Netflix recently began piloting a strategy in Chile, Costa Rica, and Peru that would more comprehensively address the issue. “Add an Extra Member” would be a way to add subaccounts for a few extra users at a low monthly cost so the number of people you share the account with lines up more closely with the number of people Netflix knows are on your account. The approach would align more closely with streaming services like Spotify that offer family plans with a limited number of sub-users. In many of those family plans, each member has their own login to eliminate the Netflix model of password sharing entirely. 

Another feature Netflix is piloting, “Transfer Profile to a New Account,” would allow users to transfer the data from just their profile (things like viewing history, tailored recommendations, and bookmarks) to a new account or subaccount. Unlocking this data, the thinking goes, reduces the incentive for people to stay on shared accounts forever.

Asking customers to pay a bit more to share their passwords sounds like an obvious and reasonable approach. But given that Netflix's Standard service already costs more than $15 per month and $20 for Premium (the top end of the range for comparable video streaming services), adding additional per-user fees may not solve Netflix's customer-bleed problem.

Netflix password sharing has always been a security issue for a few reasons. If your Netflix password is also the password for some of your other accounts, you're exposing multiple services through the simple gesture of sharing movies with a friend. And even if you don't reuse your Netflix password on other accounts, easy-to-share passwords are fundamentally flawed. It's trivial for password-cracking tools to guess “lolnetflixpassw0rd.” And because it's so easy to share, there's nothing to stop your sister from sharing it with her girlfriend, who then shares it with everyone on her team at work. Then one of her colleagues gets phished, and surprise! Now your password is being sold on a dark-web forum.

Whatever Netflix does next, it's unlikely to happen widely anytime soon. “It’ll take a while to work this out and get that balance right,” COO Greg Peters reportedly said during Tuesday's earnings call. “My belief is that we will go through a year or so of iterating, and then deploying that.” And that's good news all around.

“In security, it doesn't work well when you slap a new control in place that impacts all users,” TrustedSec's Kennedy says. “What works more effectively is subtle changes, giving users information, and explaining what's acceptable and what's not over time.”

https://www.wired.com/category/security/feed/