As the streaming wars heat up and a growing number of entertainment platforms like Netflix, Apple, Hulu, Spotify, Disney+, and Peacock compete for the limited time, attention, and money of consumers, a new segment of potential customers have found themselves in the crossfire: the freeloaders who depend on the generosity of their friends, families, and significant others to share their passwords to their streaming accounts. Going forward, streamers will have to find innovative cybersecurity methods, including two-factor authentication (2FA), to curb the practice of password sharing without alienating loyal customers. 

The number of people who enjoy streaming movies and TV shows for free, thanks to the generosity of their password-sharing friends, is massive. In fact, one study found that a staggering four out of ten Americans admit to “mooching off someone else’s streaming account.” When it comes to sharing accounts, there’s a clear generational divide. According to another study, “35% of millennials share passwords for streaming services. That’s compared with 19% of Generation X subscribers and 13% of Baby Boomers.” This generational divide is only widening. Today, 42% of Gen Z subscribers share their account credentials with someone outside of their household. The result of all this mooching for streamers? Lost revenue and a beating from Wall Street.

Password sharing results in millions of dollars in lost revenue. According to one study, Netflix lost a mind-blowing $135 million a month in 2019 due to account sharing. Considering the company’s remarkable growth in the last two years, that figure has undoubtedly increased. To make matters worse, Wall Street relies heavily on subscriber growth targets as a metric to measure a streamer’s financial success. When Netflix missed its subscriber growth target in Q1 2021, for example, its stocks plunged 7.5%. Although executives of the various streamers regularly downplay the effect account sharing has on the bottom line, most analysts agree that as competition between the growing number of streamers heats up, policies to curb password sharing will inevitably follow. 

Because sharing passwords with individuals outside of one’s household violates all of the major streamer’s terms and conditions, streamers have taken steps, albeit small ones, to curb this practice. Today, for example, streamers limit the number of screens an account works on simultaneously. Netflix even offers a tiered pricing system where consumers can pay extra to “increase the number of screens you can watch on.” Of course, simultaneous streaming is only the tip of the iceberg when it comes to account sharing activity, as it’s relatively rare for multiple households who are sharing one account to watch a streamer at the same time. A more holistic and effective approach to preventing account sharing will require more stringent cybersecurity measures.

Although streamers have experimented with more ambitious ways to prevent account sharing during trials, they have stopped short in actually implementing them because of the outrage they elicited from loyal customers. E.g., when Netflix, in a limited trial, merely sent a warning prompt urging customers suspected of password sharing to create their own accounts, the public outcry was fierce, even prompting a screenshot of the message to go viral on Twitter. In light of public sentiment, streamers must walk a fine line between limiting revenue leakage by curbing password sharing and appeasing existing loyal customers who view password sharing as a harmless practice.

If and when streamers decide to clamp down on password sharing, they will need to implement a solution that is familiar to customers and adds as little friction as possible to the account’s rightful owners. After all, what could be more infuriating than sitting down to watch your favorite show after a long day only to be required to jump through multiple security checkpoints? One-time passwords (OTP) and Instant Link™ are two solutions under the 2FA umbrella that could put a stop to password-sharing. 

While one-time passwords, or OTPs, are being phased out of high-risk transactions such as money transfers, they could serve as a powerful deterrent in lower-risk use-cases such as the one described above. Here’s how it could work: When a streaming service identifies a login on an unfamiliar IP address, it will send a one-time password to the user’s registered cellphone. If the rightful owner is merely on a work trip or taking a vacation, they will easily enter the password into their streaming device. However, if the viewer were using their friend’s account, they would have to contact their friend and ask for the one-time password, which is awkward and annoying. The one-time password then acts as a social deterrent, making account holders less likely to share their passwords moving forward. 

Instant Link, a more modern form of two-factor authentication, works similarly to OTPs but is more secure and frictionless. In this scenario, account-holders would simply have to click on the link texted to them rather than key in a one-time password. Although Instant Link provides better security and is more convenient, it could entirely curtail password sharing. Because many consumers view their streaming accounts as a commodity to be shared with as many people as possible, there is the potential that account-holders would be unhappy if such a hard restriction were to be imposed. Ultimately, each streamer will have to strike a balance between creating friction for individuals using someone else’s password and ensuring ease of use for account holders.

Both forms of two-factor authentication are a compelling option to streamers eager to curb password sharing without frustrating customers. Expect to see the use of one-time passwords and Instant Links proliferate as companies jump on this trend. 

Get in touch