PersonalBusinessDownloadPricingHelpBlogContact
Get Started
Log In
PersonalBusinessDownloadPricingHelpBlogContactBusiness SalesGet StartedLog In

The Bitwarden Blog

Industry Leaders Security Rankings: Streaming Services Edition

authored by:

Bitwarden

posted on:

September 6, 2022

When using streaming services, do you find that you can easily utilize strong and unique passwords?

Following the same end user research-driven approach we leveraged for the Banking Edition and Social Media Edition, we recently explored streaming services. We narrowed our research list to the top 5 streaming services in the United States ranked by total users, which we identified as Netflix, Amazon Prime, Disney+, Peacock, and HBO Max. From there, we determined criteria to evaluate password security friendliness, tested the criteria, and now present the findings with a numerical grading system.

The movie-going, cable-reliant era is dying, if not near-dead. More and more people are hunkering down in front of the TV to consume content that falls under every genre imaginable. With that comes much more frequent use of usernames and passwords as users log into services - and in many cases, multiple services. According to a recent FinanceBuzz survey, 24% of households report paying for at least three additional streaming services than they did one year ago — another 21% are now paying for two more streaming services.

So, how are streaming services enabling (or not) the password security postures of their customers? We dive in below.

hashtagCriteria

The criteria used to assess password security are:

Does the streaming service limit password length?

This is not a good thing. Experts advise passwords be strong and unique, with strength being best determined by long, random passwords, such as 14 characters or more. In our note on How secure is my password we share, "Short passwords are far more susceptible to a brute force attack, where a computer or malicious software program goes through every 8-digit combination (or more) of characters until it finds a match."

Plus, password managers - which help people generate, store, and manage passwords - can generate much longer passwords for enhanced security that may exceed the streaming service's length limit.

Does the streaming service allow users to paste and autofill passwords?

This is a good thing. Password pasting enables the use of password managers, and autofill enables fast and easy logins.

Does the streaming service offer two-factor authentication (2FA)?

This is a good thing. As we’ve said time and time again, two-factor authentication is more secure than simply using a username and password.

Does the streaming service allow authenticator apps? Does the streaming service allow authenticator hardware?

These are both good. Authenticator apps and hardware add extra levels of strong protection and are more secure than SMS text messages.

Does the streaming service send an email informing the user of a password reset? Does the streaming service require the user to login again using the new password?

These are both practical steps. It’s prudent to alert users to a password change they may not have authorized. Requiring them to login again is a security best practice.

hashtagPassword Security Scoring System

The assessment includes a grade for each company. To determine the grade, we assigned either an ✅ (good) and an ⛔ (not good) to the seven questions articulated above. For example, 7/7 ✅ is a perfect score, or 100%. A 5/7 is 71%, which is defined as ‘fair’.

Below is a simple guide to the grading. Below that, you’ll see the grades for each bank.

hashtagGrading Guide

85-100%: Good 71-84%: Fair 0-70%: Room for Improvement

hashtagNetflix

Netflix Score Card

Despite its position as a streaming service pioneer, Netflix surprisingly falters on the password security front. The company limits password length, a big no-no, and does not enable a built-in 2FA option. These are disappointing policies for one of the world’s most beloved services.

Password Security: Room for Improvement

⛔ Limits password length to 60 characters

✅ Allows users to paste passwords

⛔ Offers two-factor authentication

⛔ Allows authenticator apps

⛔ Allows authenticator hardware

✅ Informs users of password reset

⛔ Requires login using new password

PASSWORD SECURITY SCORE: 28%

hashtagAmazon Prime

Amazon Score Card

While Amazon Prime fares better than Netflix, with a score of 57%, it still falls into the ‘room for improvement’ category. But, it does enable 2FA which is an absolute must.

Password Security: Room for Improvement

⛔ Limits password length to 16 characters

✅ Allows users to paste passwords

✅ Offers two-factor authentication

⛔ Allows authenticator apps

⛔ Allows authenticator hardware

✅ Informs users of password reset

✅ Requires login using new password

PASSWORD SECURITY SCORE: 57%

hashtagDisney+

Disney+ Score Card

Props to Disney+ for not limiting password length and allowing users to paste passwords (and therefore, easily use password managers). But, it would do the Mouse some good if it wised up to the importance of authentication.

Password Security: Room for Improvement

✅ Does not limit password length

✅ Allows users to paste passwords

⛔ Offers two-factor authentication

⛔ Allows authenticator apps

⛔ Allows authenticator hardware

✅ Informs users of password reset

⛔ Requires login using new password

PASSWORD SECURITY SCORE: 42%

hashtagPeacock

Peacock Score Card

Peacock earns a grade mirroring that of Disney+, and the strengths and weaknesses remain the same. Like Disney+, some of these policies are surprising. While Peacock is new, its parent NBC has been in business for years and should know its way around the security block.

Password Security: Room for Improvement

✅ Does not limit password length

✅ Allows users to paste passwords

⛔ Offers two-factor authentication

⛔ Allows authenticator apps

⛔ Allows authenticator hardware

✅ Informs users of password reset

⛔ Requires login using new password

PASSWORD SECURITY SCORE: 42%

hashtagHBO Max

HBO Max Score Card

HBO Max performs better than most of its peers, tying with Amazon Prime in the 57% camp. Unlike Amazon Prime, HBO Max drops the 2FA ball.

Password Security: Room for Improvement

✅ Does not limit password length

✅ Allows users to paste passwords

⛔ Offers two-factor authentication

⛔ Allows authenticator apps

⛔ Allows authenticator hardware

✅ Informs users of password reset

✅ Requires login using new password

PASSWORD SECURITY SCORE: 57%

hashtagConclusion

The business and media press constantly debates the streaming service wars. Perhaps the services can eventually project their competitive drive towards improving password security protocols for their customers. As this evaluation demonstrates, there is considerable opportunity for growth.

Consumers who are using one or multiple streaming services would be wise to focus on the fundamentals, such as using strong and unique passwords (and different passwords for each site, as password reuse is a dangerous game) and deploying 2FA solutions where possible (thank you, Amazon Prime).

While we’re on the topic of 2FA, hopefully more sites will incorporate additional options. Two-factor authentication extends the login process beyond a single step, which offers greater security than just a username and password. Consumers are very capable of using 2FA, as well. According to the Second Annual Bitwarden World Password Day Survey, 73% of respondents use 2FA for work accounts and 78% use 2FA for personal accounts.

So, how did your favorite streaming service perform? Follow Bitwarden on Twitter and let us know.

hashtagGet Started with Bitwarden

Ready to get started with a password manager today? Quickly get set up with a free Bitwarden account, or sign up for a 7-day free trial of our business plans so your business and company colleagues can stay protected.

On this page

Back to Blog

Get started with Bitwarden today.

Create Your Free Account
Language

Products

Resources

  • Resource Center
  • Community Forums
  • Security Compliance
  • Success Stories
  • User Reviews
  • Newsfeed
  • Subscribe to Updates
©2022 Bitwarden, Inc.
Terms Privacy Sitemap