FB pixel

SaaS subscriber password sharing: Netflix’s identity problem and how to fix it

How consumer SaaS and streaming providers can protect both customers and revenue
SaaS subscriber password sharing: Netflix’s identity problem and how to fix it

By Mike Vesey, Founder and CEO of IdRamp

My name is Mike Vesey. But how does a software as a service (SaaS) company KNOW that I’m who I say I am?

Chances are, it is through some combination of a challenge question and answer. It might start with a username and password, and maybe add in multi-factor authentication with a dash of encryption in for good measure.

But even now, how can we be sure that the real Mike Vesey is the person accessing the SaaS provider?

Answer: we can’t.

Anyone with access to the real Mike Vesey’s username and password can use any of Mike’s subscriptions. And this irreducible problem is an increasing, seemingly intractable, cost for SaaS providers.

Netflix subscriber problems and the privacy preserving solution

Step forward Netflix. The streaming giant recently announced it had lost  200,000 subscribers, and the news contributed to a 75 percent drop in share value from its peak with fears that subscriber growth had reached its limits. But, according to Netflix, more than 100-million households are using a shared password, including 30 million in the U.S. and Canada.

This represents an enormous reservoir of monetizable users and an obvious way to restore share value if the sharing of user login details can be cracked —if Mike Vesey’s friend isn’t pretending to be Mike Vesey to watch Stranger Things.

The plan for Netflix to fix their subscription sharing centers around charging a fee for subscribers who share accounts with people outside of their households.

Simple in theory, but, so far stumbling in practice: The pilot program tested in Costa Rica, Chile, and Peru found that the new fees are confusing to users, who noted a lack of clarity around Netflix’s definition of “household;” and while some users canceled their subscriptions altogether, others claimed that they were able to ignore the new policy and continue to share passwords.

The answer to Netflix’s problem is not “more rules and fees for users,” it’s a much simpler solution that simultaneously protects its content and revenue from freeloading dilution and improves customer experience.

The answer is verifiable credentials and connection-based identity.

Using a decentralized approach to identity means the end of login and password-based authentication as we know it.

Instead of using a login and password that can be stolen or mis-used, each subscriber would be issued with a unique, cryptographically verifiable, digital credential. Holding a login credential on a mobile device would not only make sharing credentials outside of households nearly impossible but would also lead to a better user experience.

Retiring the use of the loathsome password and login that can easily be shared or stolen, a subscriber would be issued their own verifiable credential and could log into Netflix with a tap of an app.

Lessons learned for Netflix and other SaaS providers

Effective identity management systems that deliver greater security and a better login experience and protect revenue are easy to adopt, especially if you keep a few things in mind:

  1. Use the buzz around Web3 and Web5 to your advantage

When you get past the hype, Web3 and Web 5.0 signal the coming end of traditional ways of authentication. Decentralized identity solutions are no longer promises, they’re now marketplace products — and the number of deployments are growing all across the globe.

Lean into this wave. Rather than throwing down new regulations that may potentially erode customer confidence, build trust with your customers. Educate them about the new, better way for them to exist online. Connection-based identity kills the password and makes password resets and multi-factor authentication a thing of the past. By offering a better customer experience, you’ll solve the fundamental problem of login by granting specific access to a specific credential. Reduce fraud and user friction while increasing privacy and security.

  1. If it costs a fortune to scale, forget about it 

Digital security takes a significant portion of the yearly operating budget of many SaaS providers. With a waterfall of new authentication solutions on the menu for many of the most reputable identity providers (IDPs) including biometrics, 2FA, MFA, and document proofing. These methods offer important security benefits, but they increase cost while not actually solving the underlying problem of a SAAS service built on centralized usernames and passwords.

Also consider the cost to scale that type of identity system. You may have 20, or 200, or 2,000 customers today, but what happens when you have 2,000,000 in the future? These identity costs add up quickly. Connection-based decentralized identity is inexpensive compared to traditional identity services and scales rapidly while delivering massive cost savings on existing technology.

  1. Systems of all levels of maturity can benefit from innovation

In the nearly three-decades working in the identity security industry, I’ve seen some of the largest enterprise organizations continue to operate on a patchwork of identity systems that leave them vulnerable to fraud and open to security attacks. And for enterprises that feel confident relying on the latest, most expensive products from leading IDPs, attacks on centralized authorities are growing every day.

Enterprises and businesses of all sizes can adopt connection-based decentralized identity today for safer, more cost-effective identity. The technology is incredibly easy to integrate into existing systems and can be implemented with low or no code.

Prepare for the future

Every forward-looking company with subscription-based business models will reach a point where they must sell investors on future growth and subscriber numbers while also looking at the maturity of their platforms, products, and systems.

The authentication revolution is happening now. Connection-based decentralized identity provides the opportunity for SaaS providers of all sizes to lock down their subscriber revenue, remove the friction of passwords and multi-factor authentication, improve security, and significantly reduce the overall cost of identity management.

About the author

About Mike Vesey, Mike is on a mission to provide transformational digital solutions for the global enterprise. He has developed award-winning products in unified communications, service operations, security, identity, and data management. Mike has deployed complex identity integrations with some of the world’s largest organizations. He is the Founder and CEO of IdRamp, providing a decentralized identity platform delivering easy to implement orchestration, password elimination, verifiable credentials, blockchain ID, and service delivery.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Secure Technology Alliance launches template for using mobile driver’s licenses

Get used to the idea of your phone as your driver’s license. The ecosystem for mobile driver’s licenses (mDLs) continues…


Biometric identity verification launches and deals show diversity of approaches

The biometric identity verification market covers a wide variety of sectors and use cases, but the breadth is not just…


Decentralized digital identity is spreading as fresh use cases emerge

A recent post on Forrester’s website, written by VP and Principal Analyst Andras Cser, dips into how travel and mobile…


Cameroon building Digital Transformation Center to manage digital consular services

As part of a process launched last year by the government of Cameroon to modernize its consular services including the…


UK digital visas to fully replace physical immigration documents by 2025

In the UK, the Home Office has announced that it will invite those with physical immigration documents to create a…


iBeta biometric PAD evaluations grow in global prominence

Compliance with biometric presentation attack detection standards has become table stakes for numerous applications of face biometrics in particular, and…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events