FB pixel

SaaS subscriber password sharing: Netflix’s identity problem and how to fix it

How consumer SaaS and streaming providers can protect both customers and revenue
SaaS subscriber password sharing: Netflix’s identity problem and how to fix it
 

By Mike Vesey, Founder and CEO of IdRamp

My name is Mike Vesey. But how does a software as a service (SaaS) company KNOW that I’m who I say I am?

Chances are, it is through some combination of a challenge question and answer. It might start with a username and password, and maybe add in multi-factor authentication with a dash of encryption in for good measure.

But even now, how can we be sure that the real Mike Vesey is the person accessing the SaaS provider?

Answer: we can’t.

Anyone with access to the real Mike Vesey’s username and password can use any of Mike’s subscriptions. And this irreducible problem is an increasing, seemingly intractable, cost for SaaS providers.

Netflix subscriber problems and the privacy preserving solution

Step forward Netflix. The streaming giant recently announced it had lost  200,000 subscribers, and the news contributed to a 75 percent drop in share value from its peak with fears that subscriber growth had reached its limits. But, according to Netflix, more than 100-million households are using a shared password, including 30 million in the U.S. and Canada.

This represents an enormous reservoir of monetizable users and an obvious way to restore share value if the sharing of user login details can be cracked —if Mike Vesey’s friend isn’t pretending to be Mike Vesey to watch Stranger Things.

The plan for Netflix to fix their subscription sharing centers around charging a fee for subscribers who share accounts with people outside of their households.

Simple in theory, but, so far stumbling in practice: The pilot program tested in Costa Rica, Chile, and Peru found that the new fees are confusing to users, who noted a lack of clarity around Netflix’s definition of “household;” and while some users canceled their subscriptions altogether, others claimed that they were able to ignore the new policy and continue to share passwords.

The answer to Netflix’s problem is not “more rules and fees for users,” it’s a much simpler solution that simultaneously protects its content and revenue from freeloading dilution and improves customer experience.

The answer is verifiable credentials and connection-based identity.

Using a decentralized approach to identity means the end of login and password-based authentication as we know it.

Instead of using a login and password that can be stolen or mis-used, each subscriber would be issued with a unique, cryptographically verifiable, digital credential. Holding a login credential on a mobile device would not only make sharing credentials outside of households nearly impossible but would also lead to a better user experience.

Retiring the use of the loathsome password and login that can easily be shared or stolen, a subscriber would be issued their own verifiable credential and could log into Netflix with a tap of an app.

Lessons learned for Netflix and other SaaS providers

Effective identity management systems that deliver greater security and a better login experience and protect revenue are easy to adopt, especially if you keep a few things in mind:

  1. Use the buzz around Web3 and Web5 to your advantage

When you get past the hype, Web3 and Web 5.0 signal the coming end of traditional ways of authentication. Decentralized identity solutions are no longer promises, they’re now marketplace products — and the number of deployments are growing all across the globe.

Lean into this wave. Rather than throwing down new regulations that may potentially erode customer confidence, build trust with your customers. Educate them about the new, better way for them to exist online. Connection-based identity kills the password and makes password resets and multi-factor authentication a thing of the past. By offering a better customer experience, you’ll solve the fundamental problem of login by granting specific access to a specific credential. Reduce fraud and user friction while increasing privacy and security.

  1. If it costs a fortune to scale, forget about it 

Digital security takes a significant portion of the yearly operating budget of many SaaS providers. With a waterfall of new authentication solutions on the menu for many of the most reputable identity providers (IDPs) including biometrics, 2FA, MFA, and document proofing. These methods offer important security benefits, but they increase cost while not actually solving the underlying problem of a SAAS service built on centralized usernames and passwords.

Also consider the cost to scale that type of identity system. You may have 20, or 200, or 2,000 customers today, but what happens when you have 2,000,000 in the future? These identity costs add up quickly. Connection-based decentralized identity is inexpensive compared to traditional identity services and scales rapidly while delivering massive cost savings on existing technology.

  1. Systems of all levels of maturity can benefit from innovation

In the nearly three-decades working in the identity security industry, I’ve seen some of the largest enterprise organizations continue to operate on a patchwork of identity systems that leave them vulnerable to fraud and open to security attacks. And for enterprises that feel confident relying on the latest, most expensive products from leading IDPs, attacks on centralized authorities are growing every day.

Enterprises and businesses of all sizes can adopt connection-based decentralized identity today for safer, more cost-effective identity. The technology is incredibly easy to integrate into existing systems and can be implemented with low or no code.

Prepare for the future

Every forward-looking company with subscription-based business models will reach a point where they must sell investors on future growth and subscriber numbers while also looking at the maturity of their platforms, products, and systems.

The authentication revolution is happening now. Connection-based decentralized identity provides the opportunity for SaaS providers of all sizes to lock down their subscriber revenue, remove the friction of passwords and multi-factor authentication, improve security, and significantly reduce the overall cost of identity management.

About the author

About Mike Vesey, Mike is on a mission to provide transformational digital solutions for the global enterprise. He has developed award-winning products in unified communications, service operations, security, identity, and data management. Mike has deployed complex identity integrations with some of the world’s largest organizations. He is the Founder and CEO of IdRamp, providing a decentralized identity platform delivering easy to implement orchestration, password elimination, verifiable credentials, blockchain ID, and service delivery.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics outlook mostly sunny with periods of deepfakes

Biometrics forecasts are among the most-read stories of the week on Biometric Update. Goode Intelligence sees revenues for the biometrics…

 

FBI seeks vendors for its Somalia ABIS

The Federal Bureau of Investigation (FBI), through its Criminal Justice Information Services (CJIS) Division, has issued a Request for Information…

 

ID.me bolsters board, Identiv names SVP

ID.me has appointed Brian Robins and William “Bill” Welch as independent members to its Board of Directors. Robins, GitLab CFO and…

 

GSA has Section 508 concerns, Idemia touts accessibility advantage for Login.gov

In an announcement noting its inclusion in a $194.5 million blanket purchase agreement (BPA) from the U.S. General Services Administration…

 

Updated Innovatrics ABIS algorithm takes back rank 1 in latent accuracy evaluation

An updated biometric algorithm for latent fingerprint identification from Innovatrics has landed at the top of the U.S. government’s Evaluation…

 

Mexican state biometric population registry sees high acceptance

The Mexican state of Veracruz is seeing high levels of interest from its population in the biometric version of the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events