Yes, Password-Sharing Crackdowns Suck — but They May Be Preventing Identity Theft

Tony Maglio

May 3, 2024 at 11:00 AM·4 min read

For Dan Draper, the CEO of data-protection company CipherStash, two-factor authentication is just a start. There’s also his password-manager tool, a handy hardware token, and even a hi-tech biometric keyboard keeping hackers at bay. As a matter of fact, pretty much the only way Draper feels susceptible to a data breach is through his streaming-video services.

Draper told IndieWire that “some properties” of streaming services can make them prime targets for hackers. You know that Netflix account that up until recently you shared with friends and relatives? It was a potential hack waiting to happen. (This is not in any way an indictment on Netflix’s security but merely a widely understandable example.)

More from IndieWire

“The idea of password-sharing does put things at a higher risk,” Draper said.

After all, passwords are not just “the only way that we protect our access,” they’re “a terrible security mechanism” to start with. And now you’ve shared it with four other households, who may not be as security-conscious as you, the honorable original subscriber.

“The analogy is if you’ve got a big, beautiful steel door on the front of your house with the best, most-expensive lock and biometrics and all the rest of it,” Draper said, “but you’ve left your window wide open.”

The window, in this scenario, is probably your mother-in-law. Draper’s got his windows nailed shut and barred up — but most of us do not.

Should your Netflix password end up on, say, the dark web, it won’t be so some computer-savvy cheapskate can watch “Baby Reindeer” for free. The bigger-picture idea is to either a) collect ancillary data that can serve as one link in the chain of identity theft, or b) to see if you were dumb enough to use the same password where web security actually matters, like banking.

The practice of attempting to use a password stolen from one site on another site is called credential stuffing. That was the intention beyond the latest Roku data breach, in which more than half a million streaming accounts were compromised. Draper says he could have stopped it outright, or at least within the first few thousand. (He also says it wasn’t Roku’s system that failed but the systems of its partners.)

That’s his job. If only your streaming-video services did their jobs as it pertains to data security.

Something as simple as two-factor authentication can greatly reduce the risks of a data breach. Among Draper’s corporate clients, multi-factor authentication is considered “the best bang-for-your buck technique… to protecting access.”

But as far as he can tell, no streaming service actually uses it. Why? They are already “getting a lot of pushback from customers” on the password-sharing crackdowns; adding another step will add to the safety, yes, but also to the grief. Multi-factor authentication creates “friction,” Draper said, which can frustrate streaming subscribers right out of being subscribers. That’s the fear, at least.

Welcome to Roku City — Roku City can be dangerous after darkCourtesy of Roku

Streaming platforms are doing one thing right when it comes to privacy: The password-sharing crackdowns in the streaming industry are “quite possibly” saving identity theft, Draper said. “Certainly the fact that Netflix has taken steps in that direction reduces the risk.”

Max, Disney+, and Hulu are taking the same step toward ending account-sharing — not that we expect anyone to thank them for being so concerned with their data security. The password-sharing crackdowns, of course, are not because the services are so altruistic: Netflix’s “paid sharing” program has become a huge new revenue stream for the king of all streamers. Everyone wants a piece of that; and as per usual, everyone is following Netflix.

Even worse than sharing passwords (and much worse than having weak ones), Draper says, is repeating passwords — especially between a low-risk website and a high-risk one. In other words, definitely do not repeat a password “between your banking and your Netflix,” Draper said.

“That’s probably the worst thing you could do.”

Best of IndieWire

Yahoo Sports
Celtics C Kristaps Porzingis reportedly expected to miss start of Eastern Conference finals
The Celtics are optimistic the big man will return at some point in the series.
Yahoo Sports
PGA Championship: Will Zalatoris says group of players considered asking for postponement after death, Scottie Scheffler arrest
It was a surreal day at the PGA Championship.
TechCrunch
Slack under attack over sneaky AI training policy
It all kicked off last night, when a note on Hacker News raised the issue of how Slack trains its AI services, by way of a straight link to its privacy principles -- no additional comment was needed.
Yahoo Sports
Indy 500: How to watch the practices and qualifying rounds
While you wait for the Indy 500, you can tune into all the practice action on the track.
Yahoo Life
Kelly Clarkson is the latest celebrity to admit to using weight loss drugs. Do stars have a responsibility to share?
Are celebrities obligated to tell the world that they're using medication to aid in weight loss? Here's what experts say.
Yahoo Personal Finance
Online banking vs. traditional banking: Which one is right for you?
Choosing where to bank is a key financial decision, but you may be wondering what’s better: online banking vs. traditional banking. Here’s what to know.
Yahoo Music
K-pop group NewJeans is at the center of messy feud: What to know
Breaking down the ongoing K-pop drama between ADOR CEO Min and Hybe.
Yahoo Life Shopping
The 27 best Walmart deals to shop this weekend — save up to 75% on early Memorial Day sales, summer essentials and more
Ready for your pre-summer perusal: A massive patio umbrella for over half off, a 65-inch Hisense smart TV for under $500 and a Keurig hot/iced coffeemaker for nearly $70 off.
Yahoo Personal Finance
What is a VA Certificate of Eligibility, and how do you get one?
You need a VA Certificate of Eligibility to get a VA home loan. Learn what a VA COE is and how to get one.
TechCrunch
Meta's latest experiment borrows from BeReal's and Snapchat's core ideas
Meta is once again taking on its competitors by developing a feature that borrows concepts from others -- in this case, BeReal and Snapchat. The company is developing a feature for Instagram called “Peek” that would allow users to post authentic pictures that can only be viewed once. While Snapchat popularized the idea of ephemeral content on social media, BeReal led the trend of posting authentic, unedited content.
Yahoo News
Courtroom sketch artists capture history at Trump's hush money trial. Here are some of the best.
Since it’s not being televised, — the only images of testimony from inside the courtroom are portraits being done by sketch artists like Jane Rosenberg, whose sketches depict Trump and other key figures in various states and moods.
Yahoo Life Shopping
The 40+ best Amazon early Memorial Day deals: Save up to 80% on summer essentials, vacuums, tech and more
A No. 1 bestselling Ninja air fryer for $80 is calling our name, as is a sleek stick vac marked down by over 50%. That's just for starters.
Yahoo Sports
Don’t forget the tragedy at the heart of this year’s PGA Championship
Over and above all the concern about Scottie Scheffler’s arrest, there’s this: someone died at a golf tournament Friday.
Autoblog
Nissan gets it on with the loud "Karaok-e" van concept
Nissan of Europe creates a one-off Townstar Evalia electric van with a karaoke lounge in the back with lights and screens and microphones.
Engadget
The OpenAI team tasked with protecting humanity is no more
In the summer of 2023, OpenAI created a “Superalignment” team whose goal was to steer and control future AI systems that could be so powerful they could lead to human extinction. Less than a year later, that team is dead.
Yahoo Sports
Yankees looking to extend Juan Soto, Elly De La Cruz is unreal & listener emails
Jake Mintz & Jordan Shusterman discuss the Yankees looking to extend Juan Soto during the season, Elly De La Cruz being dangerous on the base paths, answer some listener emails and give their weekly rendition of the Good, the Bad & the Uggla.
Yahoo Life Shopping
This popular and flattering spring dress is up to 45% off: 'I feel so attractive'
Chic and timeless, this stunner with 6,800 five-star ratings is as little as just $34.
Engadget
Apple is said to be working on a 'significantly thinner' iPhone
The iPhone could be going the way of the iPad Pro by becoming much thinner next year. However, you'll may have to pay quite a lot for this rumored slender model, which may replace the Plus in the annual iPhone lineup.
Yahoo Personal Finance
Can you buy an apartment instead of renting?
You can’t own an apartment, but you can buy a condo or buy into a co-op, which may be a similar experience. Discover what the best home type is for you.
Yahoo Life
'So much better than ordinary flip-flops': Save up to 50% on podiatrist-approved Clarks sandals — starting at $28
The brand 'offers a lot of support,' says a foot doc — snag a pair for this summer or use as house slippers all year long.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yes, Password-Sharing Crackdowns Suck — but They May Be Preventing Identity Theft

Recommended Stories

Celtics C Kristaps Porzingis reportedly expected to miss start of Eastern Conference finals

PGA Championship: Will Zalatoris says group of players considered asking for postponement after death, Scottie Scheffler arrest

Slack under attack over sneaky AI training policy

Indy 500: How to watch the practices and qualifying rounds

Kelly Clarkson is the latest celebrity to admit to using weight loss drugs. Do stars have a responsibility to share?

Online banking vs. traditional banking: Which one is right for you?

K-pop group NewJeans is at the center of messy feud: What to know

The 27 best Walmart deals to shop this weekend — save up to 75% on early Memorial Day sales, summer essentials and more

What is a VA Certificate of Eligibility, and how do you get one?

Meta's latest experiment borrows from BeReal's and Snapchat's core ideas

Courtroom sketch artists capture history at Trump's hush money trial. Here are some of the best.

The 40+ best Amazon early Memorial Day deals: Save up to 80% on summer essentials, vacuums, tech and more

Don’t forget the tragedy at the heart of this year’s PGA Championship

Nissan gets it on with the loud "Karaok-e" van concept

The OpenAI team tasked with protecting humanity is no more

Yankees looking to extend Juan Soto, Elly De La Cruz is unreal & listener emails

This popular and flattering spring dress is up to 45% off: 'I feel so attractive'

Apple is said to be working on a 'significantly thinner' iPhone

Can you buy an apartment instead of renting?

'So much better than ordinary flip-flops': Save up to 50% on podiatrist-approved Clarks sandals — starting at $28