Netflix made a policy error last month that might provide consumers with long-term security benefits. For other business-to-consumer (B2C) firms wishing to enhance client account security, this unintentional pro-customer safety action may serve as a lesson.
On May 23, the streaming giant made its new "household" policy available to US consumers. Accounts will now be limited (with few exceptions) to a single Wi-Fi network and associated mobile devices. After months of stagnation and investor apprehension, it's a shot in the arm to treat the aftereffects of COVID and promote user growth.
By banning the widespread practise of password sharing, the restriction may unintentionally enhance streamers' account security.
"Sharing a password undermines control over who has access to an account, potentially leading to unauthorized use and account compromise," stated Craig Jones, vice president of security operations at Ontinue. "Once shared, a password can be further distributed or changed, locking out the original user. Worse yet, if the shared password is used across multiple accounts, a malicious actor could gain access to all of them. The practice of sharing passwords can also make users more susceptible to phishing and social engineering attacks."
With this new policy, Netflix is demonstrating how businesses may encourage or simply force its users to adopt better login practices, whether on purpose or not. However, changing client behaviour for the better isn't always as easy as it looks.
Use of the gold biometric standard restricted for cloud services
The mobile phone business is one area of tech that has long since found out how to assist users in logging in safely without sacrificing their experience.
Smartphone users have been selecting simple passcodes for years simply out of laziness or forgetfulness. When Apple debuted TouchID for the iPhone 5S in 2013, drawing inspiration from the Pantech GI100, things started to change. FaceID will soon make it even simpler for consumers to check in securely without slowing down anything, even if facial recognition technology wasn't nearly available at that point.
Even if biometric login is ideal, most businesses lack access to a ready-made solution, according to John Gilmore, head of research at DeleteMe.
"'Face unlock' on iPhones is an example of how this can be done in practice, but it is contingent on a specific device. For services which rely on users being able to access a service on multiple platforms, it is not yet feasible," he explained.
The main issue is that secure authentication frequently reduces usability when it comes to services.
"Online services tend to resist implementing stronger security protocols because they see that it complicates the user experience. If you create a multistep barrier to entry, such as two-factor authentication (2FA), it is less likely people will actually engage with your platform," Gilmore added.
Does this arrangement compel service providers to be clunky or unreliable? Experts argue against this.
How to promote better account security behaviours
Both a carrot and a stick can be used for motivation. Epic Games, the maker of the online game Fortnite, is one business that has achieved success in the former. Epic developed new in-game awards for players who enabled two-factor authentication (2FA) on their accounts after a succession of security problems that affected thousands of the game's (sometimes very young) users.
Never before have so many children "boogied down" over good internet behaviour!
Consider Twitter as a case study in practise. Twitter said on February 15 that SMS-based 2FA would only be available to paid members.
The decision was received with mixed feelings in the cybersecurity world because it seemed to discourage the usage of a crucial second layer of security, as explained by Darren Guccione, CEO and co-founder of Keeper Security. Although SMS 2FA is still an option, Twitter has switched to using the authenticator app or security key as the default for ordinary accounts.
All of these instances show that businesses have a significant amount of control over how their customers interact with their security.
All of these instances show that businesses have a significant amount of control over how their customers interact with their security.
In the end, Guccione says, "the ethical responsibility falls on the leaders of these companies to support and usher in changes that will ultimately protect their customers."
