Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all of your passwords—a strong and unique password for every site where you login—and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day.
Intel/McAfee is again trying to persuade people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples.
World Password Day is as good a day as any to talk about password sharing.
Ah, yes, being in love is where password sharing may start. Or it could be a roommate or friend asking for your password so they can watch some show. I’m not concerned with whether or not password sharing costs video on demand (VOD) services $500 million worldwide in 2015, or if 46 percent of American adults share logins for streaming media services with people who are not part of their household. But because the service is shared, that password might be one you hesitate to update to something new. At the rate that companies get hacked, that is an especially dangerous practice for people who reuse the same blasted password on other sites.
ConsumerReports gave an example of how, for several years, an entire family had been logging into HBO Go using the credentials of a sister’s ex-boyfriend. Apparently the breakup was amicable, or the guy who paid for HBO Go didn’t believe in changing his password. The latter is the most likely, as nearly half of the people in one poll admitted to not changing their password for five years.
A different study found that although “78 percent believe that it’s risky to share passwords with family members, 37 percent are likely to do so. The majority of respondents (54 percent) also admit to sharing their login information with family members so they can access their computers, smartphones and tablets.” It's unrealistic to think password sharing doesn't happen.
Share but follow good security practices
Regarding the claim that a third of American Netflix watchers are moochers, Netflix CEO Reed Hastings isn’t too worried about it. At CES this year, Hastings said, “We love people sharing Netflix. That’s a positive thing, not a negative thing.”
Netflix handles shared passwords for streaming by limiting the number of simultaneous streams, not IP addresses accessing accounts. Currently it costs $9.99 to watch Netflix on two screens at the same time, or $11.99 for four.
If you share your password and don’t hit the streaming limit, you might not remember to change the password after a breakup. Amazon Prime previously was accused of not breaking up with your ex when you do, but there was a change to how Prime operated last year and an option was added to remove an adult from your household. Otherwise, like Netflix, Prime handles shared passwords for streaming by limiting the number of simultaneous streams.
HBO CEO Richard Plepler previously said HBO was not unmindful of password sharing, but “it just has no impact on the business.” In fact, he called it a “terrific marketing vehicle for the next generation of viewers. We’re in the business of creating addicts.”
Then last year, Emmy Award show host Andy Samberg went so far as to share his HBO Now account credentials with everyone watching. While HBO is not too specific about the precise number of simultaneous streams allowed for HBO Now—other than a “subscription applies to your entire household”—it does have a limit, as it has a help page for subscribers who get simultaneous stream error warnings.
Hulu and Dish’s Sling TV allow only one stream at a time per account, so password sharing isn’t as likely to happen. You should still change those passwords.
It’s not the smartest security/privacy move you could make, but I don’t care if you share your VOD password with others. Keep in mind, however, that it is tied to an account tied to financial information to pay for it. I do care if you don’t change that password regularly. If you share, then give those people the new password. What are they going to do, grumble excessively for needing to update the password they use to watch free TV? If someone else mooched the password from them, or if an ex was using it, do you really care if they get cut off?
The video below is about password sharing, but it has some cussing so if that upsets you, don’t watch it.
Impossible password prank
Hopefully you change your passwords more often than once a year. Hopefully you will change your shared password for your streaming accounts. When you do, please steer clear of the worst passwords such as “123456” or “password.”
If you don’t like password managers, you should try to create a password with no fewer than eight characters, preferably at least 12, with a mix of numbers, symbols, capital and lowercase letters. Intermixing those in a phrase is even better. Using a sentence, or a phrase, will make unique passwords easier to remember. For example, Level 3 said the password “OnceUponATime” could be changed to “0nce3Up0nAT!M3.”
But we’ve all visited websites with varying password rules for length and the use of special characters. That brings us to the second “password confession.”
If the person couldn’t figure out the rules to create a new password in two tries without giving up, then imagine the frustration experienced by the people in impossible password prank.
Please change your passwords!