Media Companies Learn Nothing From Past 25 Years

[Joe Hass]

They're going to "crack down" on password sharing, though how they're going to do this in a way that isn't going to absolutely piss off honest customers is news to me.

https://www.bloomberg.com/news/articles/2019-11-08/netflix-hbo-and-cable-giants-are-coming-for-password-cheats

[David Bruggeman]

I suspect two-factor authentication (where the password would be the first step, followed by a code sent to the actual account holder that has to be submitted as well) would be a way to address this.  It's not foolproof, but it would make it harder to share access.

David

On Sunday, November 17, 2019, 7:17:13 PM EST, Joe Hass <hassg...@gmail.com> wrote:

They're going to "crack down" on password sharing, though how they're going to do this in a way that isn't going to absolutely piss off honest customers is news to me.

https://www.bloomberg.com/news/articles/2019-11-08/netflix-hbo-and-cable-giants-are-coming-for-password-cheats

--
You received this message because you are subscribed to the Google Groups "TVorNotTV" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tvornottv+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tvornottv/CABru7%2BfZ_%2Bupqk4q9ThhxBpMwXnqSwu%2BK2-1f0z80zMkgBeUoQ%40mail.gmail.com.

[Adam Bowie]

It's not hard to think lots of ways to stop a certain amount of this. 

Limiting the number of simultaneous users should be easy - Netflix obviously does this. But if you then roll in recognised IP addresses or general locations, then you could quickly require a further 2-factor identification-style or even email requirement. Netflix already tells me when I log in from somewhere it's not seen before. It then emails me to let me know. If it also made me click an "It's me" button then that probably wouldn't be a hardship.

Some of this will probably involve tightening Ts&Cs. Should you need to reside at the same address to share a password? That's the rule that Spotify has for its family plan. But students away from home, or kids using their parents' logins are more complicated. And then there are families that are separated through no fault of their own - perhaps work keeps them apart for some of their time.

I suspect that the companies will roll all this stuff out slowly. They don't want to annoy customers, but you tighten up a little here, and make people jump through a few more hoops there. Do you get new sign ups as a result? Or lose them?

Adam

To view this discussion on the web visit https://groups.google.com/d/msgid/tvornottv/1652168659.1084224.1574057947480%40mail.yahoo.com.

[Joe Hass]

Multi-factor authentication and user experience: now we're in my wheelhouse!

So here's where things get awkward: if you're not explicit with users as to why they're being forced to do the MFA dance, they're going to get irritated really quick, *especially* if what's being asked of them is what they consider to be a legitimate log in request. We on this list are likely significantly more tech savvy users. Most people, faced with having to go through some sort of significant additional authentication, are going to walk away frustrated at best.

Further, it's now going to be up to the companies to have to pull together the appropriate data needed to build an effective MFA. Most only have an email address, requiring using that path (which if a user hasn't set up email on their phone is going to be even more of a pain in the ass).

What would need to happen is a pretty strong educational campaign by these companies to users explaining what is happening and why. Take it from professional experience: when you spring crap on customers who aren't expecting it (*especially* when they really haven't done anything wrong), it blows up in your face quick.

Joe Hass

To view this discussion on the web visit https://groups.google.com/d/msgid/tvornottv/CAD_sJGB8OCCxn%3D%2B6UUxpQozCJLJM_kTL_ZUK47b33AKQA5N4Wg%40mail.gmail.com.

[Adam Bowie]

I think that Steam is an interesting case in point here. For those unfamiliar, it's a service that lets you buy and download PC games. If you change computers, it's relatively easy to re-download games, or to delete them temporarily from your machine if you're out of space, and then download them again later (perhaps switching in and out of games).

I mention it because it's fairly hot about logins that are from different machines, or even familiar devices it's not seen for a while. You will commonly be asked to re-authenticate yourself via an emailed code.

But the point of this is that if you're using your connected TV Netflix app to nearly always watch Netflix, then you probably won't be asked to re-authenticate. It's only when they spot "suspicious" behaviour on your account that they ask you to do this. I reckon that if they're smart, they can flush out a few unathorised password sharers. 

I suspect that it'll be a very subtle thing. 

Don't forget the likes of Netflix are already discontinuing support on some older devices, so they are prepared to make life a little difficult for some of their users. And these companies are pretty smart about testing things amongst discreet sets of users or in specific markets. I'm led to believe that Netflix does this a lot. Try something, see what the reaction is, and then decide whether it needs to be killed, tweaked, or rolled out further.

Adam

To view this discussion on the web visit https://groups.google.com/d/msgid/tvornottv/CABru7%2BdnqY%2Bs%2BsvVVjWnQghp09ayCzAuaKtaEJKTrMem6QMWfQ%40mail.gmail.com.

[Joe Hass]

I'd argue that Steam is a very niche market with a much more advanced user base when compared to Hulu, Netflix, and Disney Plus.

As for discontinuing support on devices, that's not nearly as disruptive from a user perspective as trying to accessing a product and having to jump through additional hoops you didn't think you had to. That's where this all falls apart.

To view this discussion on the web visit https://groups.google.com/d/msgid/tvornottv/CAD_sJGDiPxQTt-LsKg_J0W-H4JKRkO78coyZJSS7hVY6ZpLjPA%40mail.gmail.com.