SaaS subscriber password sharing: Netflix’s identity problem and how to fix it
By Mike Vesey, Founder and CEO of IdRamp
My name is Mike Vesey. But how does a software as a service (SaaS) company KNOW that I’m who I say I am?
Chances are, it is through some combination of a challenge question and answer. It might start with a username and password, and maybe add in multi-factor authentication with a dash of encryption thrown in for good measure.
But even now, how can we be sure that the real Mike Vesey is the person accessing the SaaS provider?
Answer: we can’t.
Anyone with access to the real Mike Vesey’s username and password can use any of Mike’s subscriptions. And this irreducible problem is an increasing, seemingly intractable, cost for SaaS providers.
Netflix subscriber problems and the privacy preserving solution
Step forward Netflix. The streaming giant recently announced it had lost 200,000 subscribers, and the news contributed to a 75 percent drop in share value from its peak with fears that subscriber growth had reached its limits. But, according to Netflix, more than 100 million households are using a shared password, including 30 million in the U.S. and Canada.
This represents an enormous reservoir of monetizable users and an obvious way to restore share value if the sharing of user login details can be cracked; that is, if Mike Vesey’s friend isn’t pretending to be Mike Vesey to watch Stranger Things.
The plan for Netflix to fix their subscription sharing centers around charging a fee for subscribers who share accounts with people outside of their households.
Simple in theory but, so far, stumbling in practice: the pilot program tested in Costa Rica, Chile, and Peru found that the new fees are confusing to users, who noted a lack of clarity around Netflix’s definition of “household”; and while some users canceled their subscriptions altogether, others claimed that they were able to ignore the new policy and continue to share passwords.
The answer to Netflix’s problem is not “more rules and fees for users,” it’s a much simpler solution that simultaneously protects its content and revenue from freeloading dilution and improves customer experience.
The answer is verifiable credentials and connection-based identity.
Using a decentralized approach to identity means the end of login and password-based authentication as we know it.
Instead of using a login and password that can be stolen or misused, each subscriber would be issued a unique, cryptographically verifiable, digital credential. Holding a login credential on a mobile device would not only make sharing credentials outside of households nearly impossible but would also lead to a better user experience.
With the loathsome password and login, which can easily be shared or stolen, retired, a subscriber would be issued their own verifiable credential and could log into Netflix with a tap of an app.
Lessons learned for Netflix and other SaaS providers
Effective identity management systems that deliver greater security and a better login experience and protect revenue are easy to adopt, especially if you keep a few things in mind:
- Use the buzz around Web3 and Web5 to your advantage
When you get past the hype, Web3 and Web 5.0 signal the coming end of traditional ways of authentication. Decentralized identity solutions are no longer promises; they’re now marketplace products, and the number of deployments is growing all across the globe.
Lean into this wave. Rather than throwing down new regulations that may potentially erode customer confidence, build trust with your customers. Educate them about the new, better way for them to exist online. Connection-based identity kills the password and makes password resets and multi-factor authentication a thing of the past. By offering a better customer experience, you’ll solve the fundamental problem of login by granting specific access to a specific credential. Reduce fraud and user friction while increasing privacy and security.
- If it costs a fortune to scale, forget about it
Digital security takes a significant portion of the yearly operating budget of many SaaS providers. A waterfall of new authentication solutions is on the menu for many of the most reputable identity providers (IDPs), including biometrics, 2FA, MFA, and document proofing. These methods offer important security benefits, but they increase cost while not actually solving the underlying problem of a SaaS service built on centralized usernames and passwords.
Also consider the cost to scale that type of identity system. You may have 20, or 200, or 2,000 customers today, but what happens when you have 2,000,000 in the future? These identity costs add up quickly. Connection-based decentralized identity is inexpensive compared to traditional identity services and scales rapidly while delivering massive cost savings on existing technology.
- Systems of all levels of maturity can benefit from innovation
In nearly three decades of working in the identity security industry, I’ve seen some of the largest enterprise organizations continue to operate on a patchwork of identity systems that leave them vulnerable to fraud and open to security attacks. And for enterprises that feel confident relying on the latest, most expensive products from leading IDPs, attacks on centralized authorities are growing every day.
Enterprises and businesses of all sizes can adopt connection-based decentralized identity today for safer, more cost-effective identity. The technology is incredibly easy to integrate into existing systems and can be implemented with low or no code.
Prepare for the future
Every forward-looking company with subscription-based business models will reach a point where they must sell investors on future growth and subscriber numbers while also looking at the maturity of their platforms, products, and systems.
The authentication revolution is happening now. Connection-based decentralized identity provides the opportunity for SaaS providers of all sizes to lock down their subscriber revenue, remove the friction of passwords and multi-factor authentication, improve security, and significantly reduce the overall cost of identity management.
About the author
Mike Vesey is on a mission to provide transformational digital solutions for the global enterprise. He has developed award-winning products in unified communications, service operations, security, identity, and data management. Mike has deployed complex identity integrations with some of the world’s largest organizations. He is the Founder and CEO of IdRamp, providing a decentralized identity platform delivering easy-to-implement orchestration, password elimination, verifiable credentials, blockchain ID, and service delivery.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are those of the author, and don’t necessarily reflect the views of Biometric Update.