Why You Shouldn’t Share Your Netflix Password, Even With Your Parents
4 minutes read
Until recently, Netflix wasn’t too concerned about its members sharing their accounts with friends and family. In a 2016 statement, Reed Hastings, Netflix CEO said “password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you share with your spouse, with your kids… so there’s no bright line, and we’re doing fine as it is.”
Netflix enforces sub-accounts for sharing access between households
However, during the pandemic Netflix began seeing its market share slipping with the emergence of rival services like Disney+ and Apple TV+. In March 2021, Netflix users logging into shared accounts reported seeing a message on the service telling them, “If you don’t live with the owner of this account, you need your own account to keep watching.”
Further tests in different locations followed, until finally in May 2023 Netflix began enforcing “one account per household” restrictions on its entire user base.
Now, if Netflix detects an attempt to stream from outside the primary member’s household, that user must confirm their identity via multifactor authentication (MFA) code sent via SMS or email. Members can still add an extra member from outside their own household to their account, but for an additional monthly fee.
Has the Netflix password sharing crackdown been effective?
Financially, the move to prevent accounts being shared across households has been a big success for Netflix to date. The number of new subscribers, presumably made up in part by those now forced to make their own accounts or pay for sub-accounts, has seen a significant boost – as has the Netflix share price.
This might seem like evidence of nothing but money-grabbing to the average consumer, but it’s undeniable that there are also legitimate security benefits to this perhaps unpopular move.
Poor password hygiene 101
There is no skirting around the fact that sharing your password or login details with anyone is always bad. Along with reusing the same password across multiple services or writing them on a sticky note on your monitor, it’s one of the worst things you can do with your passwords.
Let’s recap some bad password hygiene practices:
Sharing your password with others
Why? Because you have no control over anyone else’s password hygiene practices.
Using the same password on more than one service
Why? Because if the service suffers a data breach, hackers can use credential stuffing bots to automatically break into your other accounts.
Using common or weak passwords
Why? Because hackers can crack common or weak passwords in less than a second.
Writing your password down (e.g., on a sticky note or an unsecured notepad)
Why? Because anyone who catches a glimpse at this can access and abuse your accounts.
Not using password manager software
Why? Because password managers take care of a lot of the above problems for you.
Why can’t I trust my parents/best friend/cousin/dog walker with my password?
Sharing passwords amongst households increases the risk of other attacks because it simply reduces your control. You don’t know how the passwords are being stored by others or whether they’re being recycled elsewhere. You might be savvy to phishing emails or be able to tell when a web address is fake, but not everyone is as aware of these password-stealing ploys.
A report by LastPass in 2020 revealed that although 91% of users claim to understand the risks of reusing passwords, 66% did so anyway.
According to Netacea threat researcher Liam Jones, “We have come a point where Netflix has had to act. It takes me 10 seconds to find a catalogue of stolen Netflix accounts [on the dark web], and it’s customer password hygiene that allows this to happen.”
What’s next for password sharing and authentication?
Passwords are becoming a less trusted form of authentication, at least when used in isolation. Many services are now turning to MFA as the next stage of user account security.
While MFA is seen as less easily exploited than passwords, in truth it can still be bypassed through various well-known techniques. Unfortunately, many organizations are unaware of this and have developed a false sense of security if they are using even weak MFA practices.
The best advice for consumers right now is to practice good password hygiene and use all the tools available, such as password managers and MFA where available – and don’t share your Netflix password with anyone.
Subscribe and stay updated
Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.
By registering, you confirm that you agree to Netacea's privacy policy.