Multi-Factor Authentication Can Deter OTT Password Sharing

With streaming services competing for the limited time, attention, and money of consumers on entertainment platforms such as Netflix, Apple, Hulu, Spotify, Disney+, and Peacock, a new segment of potential customers—freeloaders—has emerged. ‘Freeloaders’ depend on the generosity of their friends, families, and significant others to share their streaming account passwords. Streamers will now have to find innovative cybersecurity methods, including two-factor authentication (2FA), to reduce password sharing without frustrating loyal customers. 

The number of people who enjoy streaming movies and TV shows for free is massive. A study suggests that a staggering four out of ten Americans admit to “mooching off someone else’s streaming account.” Today, 42% of Gen Z subscribers share their account credentials with someone outside of their household. 

Streamers are losing millions of dollars in revenue due to password sharing. According to one study, Netflix lost a whopping $135 million a month in 2019 due to account sharing. The company’s phenomenal growth over the past two years has certainly magnified this type of revenue loss. Although executives of various OTT platforms regularly downplay the effect of account sharing on the bottom line, most analysts agree that with the growing competition among the ever-rising number of streamers, policies to curb password sharing will inevitably follow. 

Streamers have experimented with various techniques to prevent account sharing during trials. However, they have stopped short of actually implementing them because of the backlash received from loyal customers. For example, when Netflix, in a limited trial, merely sent a warning prompt urging customers suspected of password sharing to create their own accounts, the public outcry was fierce.

Streamers need to implement a solution that is familiar to customers and minimizes friction in customer experience for a rightful account owner. What could be more frustrating than sitting down to watch your favorite show after a long day only to be required to jump through multiple security checkpoints? One-time passwords (OTPs) and Instant Link™ are two solutions under the 2FA umbrella which could end password sharing. 

While OTPs are being phased out of high-risk transactions such as money transfers, they could be leveraged for low-risk use cases such as the one described above. Here’s how it could work: When a streaming service identifies a login on an unfamiliar IP address, it will send an OTP to the user’s registered cellphone. If the viewer were using their friend’s account, they would have to contact their friend and ask for the OTP, which is awkward and annoying. The OTP acts as a social deterrent, making account holders less likely to share their passwords moving forward. 
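The flow described above can be sketched as a step-up check that runs after the password has been accepted. This is an added example, not code from the article or from Prove; the `StepUpAuth` class, the `send_sms` hook, the five-minute lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

OTP_TTL = 300        # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong guesses allowed per challenge (assumed value)

class StepUpAuth:
    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(phone, message); hypothetical SMS gateway hook
        self.known_ips = {}        # account -> IPs seen on verified logins
        self.phones = {}           # account -> registered cellphone
        self.pending = {}          # (account, ip) -> [otp_hash, expires_at, attempts_left]

    def register(self, account, phone, home_ip):
        self.phones[account] = phone
        self.known_ips[account] = {home_ip}

    def login(self, account, ip, now):
        """Call after the password check succeeded; returns 'ok' or 'otp_required'."""
        if ip in self.known_ips[account]:
            return "ok"                                   # familiar IP: no extra friction
        otp = f"{secrets.randbelow(10**6):06d}"           # CSPRNG, six digits
        digest = hashlib.sha256(otp.encode()).digest()    # keep only a hash server-side
        self.pending[(account, ip)] = [digest, now + OTP_TTL, MAX_ATTEMPTS]
        self.send_sms(self.phones[account], f"Your login code is {otp}")
        return "otp_required"

    def verify(self, account, ip, otp, now):
        entry = self.pending.get((account, ip))
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if now > expires_at or attempts <= 0:             # expired or guessed too often
            del self.pending[(account, ip)]
            return False
        if hmac.compare_digest(digest, hashlib.sha256(otp.encode()).digest()):
            del self.pending[(account, ip)]               # single use
            self.known_ips[account].add(ip)               # IP is familiar from now on
            return True
        entry[2] -= 1                                     # count the wrong guess
        return False
```

A successful verification adds the IP to the familiar set, so the account holder is challenged once per new location rather than on every login.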

Instant Link, a more modern form of two-factor authentication, works like an OTP but is more secure and frictionless. In this scenario, account holders can click on the link texted to them rather than key in an OTP. Although Instant Link provides better security and is more convenient, it could entirely curtail password sharing.

Each streamer will have to find the sweet spot between creating friction for individuals using someone else’s password and ensuring ease of use for account holders. Streamers eager to restrain password sharing without frustrating customers can use both forms of two-factor authentication. With companies aggressively focusing on the lost revenue caused by ‘freeloaders,’ the use of OTPs and Instant Links is likely to proliferate. 

This article is a synopsis of a blog published by Prove.