The Password Sharing Crackdown: a Delight of Security Professionals, a Nuisance for Users
By Aubrey Turner
Do you share a Hulu login with your former roommate? Do you split the cost of a Paramount+ subscription and hop on your sibling’s account? Your recommended shows list might be eclectic because of the various users, but the saved $5 to $15 per month is worth it, right?
Those in the IT space (or those who read the headlines) are well aware of the disasters that can befall individuals and enterprises who have poor password habits. At the top of that bad habits list is sharing passwords. Yet, 100 million households streamed Netflix without paying.
Streaming services – namely Netflix and perhaps Disney+ – are cracking down on account and password sharing. Though their motivations are financial, this initiative will also cut down on major security vulnerabilities that stem from shared passwords. Password sharing is a slippery slope. One shared Netflix password could open a gateway into online shopping accounts, online investment portfolios, medical records and more.
Is Cracking Down on Password Sharing a Business or Security Move? (Trick Question: it’s both)
When Netflix announced the end of account sharing, streamers caused an uproar. Eighty-six percent of people pay for more than one streaming service, and those who lurked on the accounts of their friends, relatives and loose acquaintances were irate that they must shell out for yet another content library. Netflix gave users plenty of notice of the changes, announcing the end of account sharing in April and then putting its foot down in June 2023.
Despite the initial complaints, the end of password sharing has proven to be a smart business move. Streaming platforms have seen a record number of signups since the crackdown. While major corporations likely care more about the influx of users and cash, the secondary benefit of the end of password sharing is the boosted security of customers.
The average person may not realize the severe security implications of password sharing. When people share accounts, their attack surface broadens. When you think you’re sharing one streaming platform with an acquaintance, it could be that they’re logging in on a handful of other devices, connecting to unsecured networks or sharing your account details with their friends. More than 15 billion compromised credentials are swirling around the dark web. All it takes is for one of your – or your streaming partner’s – dozens of online accounts or devices to experience a breach for your information to make it into the clutches of a bad actor.
Crime is a cybercriminal’s day job. They have all day to execute ongoing brute force attacks, password spraying or credential sniffing attacks to get into your accounts. Fifty-three percent of people use the same password across multiple accounts, a fact hackers are counting on and benefiting from.
Online security should be a priority for everyone, but many consumers dismiss it in favor of convenience. The next frontier for any company with an online presence (aka nearly everyone) is to understand their customers along with their priorities and use those discoveries to inform secure decisions that don’t negatively impact customer experience and satisfaction. Instead of viewing any modifications as a business hurdle, view them as an opportunity to enhance company-customer trust through data-driven and secure customer experiences.
The Future of Logins Is Passwordless
Among security professionals, passwords are notorious weak links – with 94% of leaders having concerns about user-generated passwords. On top of that, 75% of Americans are frustrated with passwords. The climate is ripe for change. The time for a passwordless revolution is now.
Going passwordless is critical in ensuring customers have secure, fast and frictionless digital experiences that drive engagement, not frustration. One of the consumer gripes about passwords is that they slow down the login process, especially when they need to reset a password. Passwords always seem to introduce friction at the most inconvenient times. This login inconvenience could even turn away consumers, as 61% would switch to a competitor if it offered a significantly easier login process. There’s also a business case here. Twenty to 50% of all service desk calls deal with password resets and each interaction with the help desk incurs a cost of roughly $70. Not to mention the unease security leaders feel about the flimsiness of their current password protocols.
Passwordless logins encompass biometrics, one-time codes, push notifications, QR codes and other passwordless authentication methods. It’s impossible to forget your fingerprint. Smartphones are always within arm’s reach, making receiving one-time codes hardly a nuisance. It’s significantly easier for cybercriminals to purchase usernames and passwords on the dark web than to use your face to compromise accounts in a cyberattack. Convenience, speed and security are paramount. Passwordless logins deliver on it all.
Creating a New Norm for Passwords
Cyberattacks are at an all-time high, so clearly the security policies currently in place are not cutting it. While there may be growing pains at the onset of new passwordless policies, the more secure and seamless experience that users (and businesses) will enjoy down the line is well worth it. To thrive in a modern online world, everyone must adopt modern approaches to accessing and storing data. Passwordless is the way forward.
Aubrey Turner has an extensive background in successfully delivering strategic, enterprise cyber security solutions to Fortune 1000 companies that address business problems, strengthen organizations, reduce risk and deliver positive business outcomes. Aubrey has demonstrated rapport and consensus building with key stakeholders.