• Resources
  • Blogs
  • Why You Shouldn’t Share Your Netflix Password, Even With Your Parents

Why You Shouldn’t Share Your Netflix Password, Even With Your Parents

Alex McConnell
Alex McConnell
22/03/22
3 Minute read
netflix blog banner image

Article Contents

    Until recently, Netflix wasn’t too concerned about its members sharing their accounts with friends and family. In a 2016 statement, Reed Hastings, Netflix CEO said “password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you share with your spouse, with your kids… so there’s no bright line, and we’re doing fine as it is.”

    Netflix enforces sub-accounts for sharing access between households

    However, during the pandemic Netflix began seeing its market share slipping with the emergence of rival services like Disney+ and Apple TV+. In March 2021, Netflix users logging into shared accounts reported seeing a message on the service telling them, “If you don’t live with the owner of this account, you need your own account to keep watching.”

    Further tests in different locations followed, until finally in May 2023 Netflix began enforcing “one account per household” restrictions on its entire user base.

    Now, if Netflix detects an attempt to stream from outside the primary member’s household, that user must confirm their identity via multifactor authentication (MFA) code sent via SMS or email. Members can still add an extra member from outside their own household to their account, but for an additional monthly fee.

    Has the Netflix password sharing crackdown been effective?

    Financially, the move to prevent accounts being shared across households has been a big success for Netflix to date. The number of new subscribers, presumably made up in part by those now forced to make their own accounts or pay for sub-accounts, has seen a significant boost – as has the Netflix share price.

    This might seem like evidence of nothing but money-grabbing to the average consumer, but it’s undeniable that there are also legitimate security benefits to this perhaps unpopular move.

    Netflix Profile select screen
    Netflix will soon allow profiles to be transferred to paid sub-accounts

    Poor password hygiene 101

    There is no skirting around the fact that sharing your password or login details with anyone is always bad. Along with reusing the same password across multiple services or writing them on a sticky note on your monitor, it’s one of the worst things you can do with your passwords.

    Let’s recap some bad password hygiene practices:

    Sharing your password with others

    Why? Because you have no control over anyone else’s password hygiene practices.

    Using the same password on more than one service

    Why? Because if the service suffers a data breach, hackers can use credential stuffing bots to automatically break into your other accounts.

    Using common or weak passwords

    Why? Because hackers can crack common or weak passwords in less than a second.

    Writing your password down (e.g., on a sticky note or an unsecured notepad)

    Why? Because anyone who catches a glimpse at this can access and abuse your accounts.

    Not using password manager software

    Why? Because password managers take care of a lot of the above problems for you.

    Why can’t I trust my parents/best friend/cousin/dog walker with my password?

    Sharing passwords amongst households increases the risk of other attacks because it simply reduces your control. You don’t know how the passwords are being stored by others or whether they’re being recycled elsewhere. You might be savvy to phishing emails or be able to tell when a web address is fake, but not everyone is as aware of these password-stealing ploys.

    A report by LastPass in 2020 revealed that although 91% of users claim to understand the risks of reusing passwords, 66% did so anyway.

    According to Netacea threat researcher Liam Jones, “We have come a point where Netflix has had to act. It takes me 10 seconds to find a catalogue of stolen Netflix accounts [on the dark web], and it’s customer password hygiene that allows this to happen.”

    What’s next for password sharing and authentication?

    Passwords are becoming a less trusted form of authentication, at least when used in isolation. Many services are now turning to MFA as the next stage of user account security.

    While MFA is seen as less easily exploited than passwords, in truth it can still be bypassed through various well-known techniques. Unfortunately, many organizations are unaware of this and have developed a false sense of security if they are using even weak MFA practices.

    The best advice for consumers right now is to practice good password hygiene and use all the tools available, such as password managers and MFA where available – and don’t share your Netflix password with anyone.

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.
    Book

    Related Blogs

    Price Scraping: How Does it Work and Who is at Risk?
    Blog
    Alex McConnell
    |
    19/11/24

    Ask the Experts: Black Friday Bot Attacks

    Get expert insights on the growing threat of Black Friday bot attacks and what retailers can do to stay one step ahead.
    Shopping trolley
    Blog
    Alex McConnell
    |
    14/11/24

    Evolution of Scalper Bots Part 5: The Rise of Retail Scalping

    Delve into the professionalization of scalper bots and the challenges in anti-bot legislation in our insightful blog post.
    Person hiding behind Google logo
    Blog
    Alex McConnell
    |
    13/11/24

    How Bot Expertise Stopped the Google Translate Bot Proxy Technique

    The Netacea data science team reveals a new attack technique: web scrapers using Google Translate as a proxy. Learn how to detect and protect against this evolving bot threat.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats

    Book a Demo

    Address(Required)
    Privacy Policy(Required)