Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model

Published: 23/11/2024 | Category: security




Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?



This month, Netflix stumbled backward into a policy that may have lasting security benefits for users. Its accidental pro-customer safety move could be an object lesson for other business-to-consumer (B2C) organizations looking to improve customer account security.
The streaming giant brought its new household policy to US customers on May 23. From now on, accounts will be restricted to a single Wi-Fi network and related mobile devices (with certain exceptions). It's a shot in the arm to cure a post-COVID hangover, boosting user growth after months of stagnation and investor skittishness.
By happenstance, the policy may also improve streamers' account security, by eliminating the common practice of password sharing.
"Sharing a password undermines control over who has access to an account, potentially leading to unauthorized use and account compromise," explains Craig Jones, vice president of security operations at Ontinue. "Once shared, a password can be further distributed or changed, locking out the original user. Worse yet, if the shared password is used across multiple accounts, a malicious actor could gain access to all of them. The practice of sharing passwords can also make users more susceptible to phishing and social engineering attacks."
With its new policy, Netflix is showing how companies can, intentionally or not, nudge or outright force their users to adopt better login practices.
But positively influencing customer behavior isn't always as simple as it seems.
One corner of the tech industry has long since figured out how to help users log in securely, without compromising on their experience: the mobile phone arena.
For years, smartphone users were choosing rudimentary passcodes out of sheer laziness or forgetfulness. That started to change in 2013 when, taking a page from the Pantech GI100, Apple introduced Touch ID for the iPhone 5S. Facial recognition technology wasn't quite ready at that point yet, but Face ID, too, would soon make it even easier for users to log in securely, without slowing anything down.
Ideal as biometric login is, says John Gilmore, head of research at DeleteMe, most companies don't have such a ready fix available to them.
"Face unlock on iPhones is an example of how this can be done in practice, but it is contingent on a specific device. For services which rely on users being able to access a service on multiple platforms, it is not yet feasible," he says.
The core problem is that, when it comes to services, secure authentication often comes at a cost to usability.
"Online services tend to resist implementing stronger security protocols because they see that it complicates the user experience. If you create a multistep barrier to entry, such as two-factor authentication (2FA), it is less likely people will actually engage with your platform," Gilmore says.
Does this tradeoff condemn service providers to either clunkiness or insecurity? Not necessarily, experts say.
In recent years, service providers have been experimenting with new ways to guide their users to the light.
"Adding user-friendly security features, such as password strength meters and password change reminders, can further promote safe practices," Ontinue's Jones says.
And companies can do more with their login pages. "Like the warnings on cigarette packages, direct interaction points, like login or account setup, offer opportunities to provide security tips and reminders," he adds.
Lastly, Jones says, "incentivizing secure behavior with benefits such as discounts or additional features can be an effective way to promote secure practices."
Incentivization can work with a carrot or a stick.
One company that has succeeded in the former is Epic Games, the developer behind the online game Fortnite. Following a string of security incidents affecting thousands of the game's (often quite young) players, Epic created new in-game rewards for players who set up 2FA on their accounts.
Never before have so many kids boogied down over proper cyber hygiene!
Boogie Down emote, free with 2FA. Source: Epic Games
And for a case study in the stick, consider Twitter. On Feb. 15, Twitter announced that it would limit SMS-based 2FA to paid subscribers only.
As Darren Guccione, CEO and co-founder at Keeper Security, explains: "The decision was met with mixed emotions in the cybersecurity community, as it appeared to discourage the use of a critical second layer of security. However, Twitter's new default for standard accounts was changed to authenticator app or security key, which are both stronger and more secure options than SMS 2FA."
What's clear across all of these examples is that companies have great power to sway how their users engage with their own security.
"Ultimately," Guccione concludes, "the ethical obligation falls on the leaders of these companies to encourage and usher in changes that will protect their customers in the long run."
