Industry leaders security rankings: Streaming services edition
- Blog
- Industry leaders security rankings: Streaming services edition
When using streaming services, do you find that you can easily utilize strong and unique passwords?
Following the same end-user research-driven approach leveraged for the Banking Edition and Social Media Edition, Bitwarden explored major streaming services. This evaluation assessed the top 5 streaming services in the United States ranked by total users: Netflix, Amazon Prime, Disney+, Peacock, and HBO Max. Each platform has been graded according to the criteria below to evaluate password security friendliness.
The movie-going, cable-reliant era is dying as more and more people opt to stream. With this shift comes yet more usernames and passwords as users log into these services. According to a FinanceBuzz survey, 24% of households report paying for at least three additional streaming services than they did one year ago — another 21% are now paying for two more streaming services.
So, how are streaming services enabling (or not) the password security postures of their customers?
The criteria used to assess password security are:
Does the streaming service allow passwords that are at least 40 characters?
Experts advise passwords be strong and unique, with strength being best determined by long, random passwords.
"Short passwords are far more susceptible to a brute force attack, where a computer or malicious software program goes through every 8-digit combination (or more) of characters until it finds a match." - How secure is my password
For the purpose of this exercise, we’re specifically evaluating whether streaming services allow users to create passwords that extend to at least 40 characters -- because passphrases, which are increasingly popular, tend to be quite long. Plus, password managers, which help people generate, store, and manage passwords, can generate much longer passwords for enhanced security that may exceed the limit.
Does the streaming service allow users to paste and autofill passwords?
This is an essential feature for streamlined security. Password pasting enables the use of password managers. Autofill enables fast and easy logins. This also offers protection against phishing sites because password managers will not autofill credentials if the URL doesn't match what is stored in the vault.
Does the streaming service offer two-factor authentication (2FA)?
Two-factor authentication is more secure than simply using a username and password.
Does the streaming service allow authenticator apps?
Does the streaming service allow authenticator hardware?
Authenticator apps and hardware add extra levels of strong protection and are more secure than SMS text messages.
Does the streaming service send an email informing the user of a password reset?
Does the streaming service require the user to log in again using the new password?
These are both practical steps. It’s prudent to alert users to a password change they may not have authorized, and requiring them to log in again is a security best practice.
The following assessment includes a grade for each company. For example, 7/7 ✅ is a perfect score or 100%. A 5/7 is 71%, which is defined as Fair.
Below is a simple guide to the grading. Below that, you’ll see the grades for each streaming service.
85-100%: Good
71-84%: Fair
0-70%: Room for Improvement
Despite its position as a streaming service pioneer, Netflix surprisingly falters on the password security front. The company does not require users to login again after changing their password, and does not enable a built-in 2FA option. These are disappointing policies for one of the world’s most used services.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not offer two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
⛔ Does not require login using new password
PASSWORD SECURITY SCORE: 42%
While Amazon Prime fares better than Netflix, with a score of 57%, it still falls into the ‘room for improvement’ category. But it does enable 2FA, which is an absolute must.
Password Security: Room for Improvement
⛔ Does not allow passwords ≥ 40 characters
✅ Allows users to paste passwords
✅ Offers two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 57%
Props to Disney+ for not limiting password length and allowing users to paste passwords and, therefore, easily use password managers. But it would do the Mouse some good if it wised up to the importance of authentication.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not offer two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
⛔ Does not require login using new password
PASSWORD SECURITY SCORE: 42%
Peacock earns a grade mirroring that of Disney+, and the strengths and weaknesses remain the same. Like Disney+, some of these policies are surprising. While Peacock is new, its parent NBC has been in business for years and should know its way around the security block.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not offer two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
⛔ Does not require login using new password
PASSWORD SECURITY SCORE: 42%
HBO Max performs better than most of its peers, tying with Amazon Prime in the 57% camp. Unlike Amazon Prime, HBO Max drops the 2FA ball.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not offer two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 57%
Despite the security measures implemented by streaming services, there are still risks associated with password sharing. One of the most common risks is the use of weak passwords. Hackers can more easily guess or crack weak passwords, making it easier for them to access user accounts.
Phishing scams are another significant security risk. These scams trick users into revealing their login credentials by posing as legitimate streaming services with lookalike sites. Once hackers obtain these credentials, they can access user accounts and potentially steal personal information.
Malware is also a threat to streaming service security. Malicious software can be used to steal login credentials and gain unauthorized access to user accounts. This can lead to account compromise and potential data breaches.
Password-sharing policies vary across popular streaming services, reflecting each platform’s approach to balancing user convenience and security. Netflix, for instance, has taken a firm stance against password sharing. The streaming giant has implemented sophisticated systems to detect and prevent account sharing beyond household members. This move ensures that only paying subscribers access their vast content library.
On the other hand, Amazon Prime Video adopts a more lenient approach. Users can share their Prime Video account with up to three other individuals, making it easier for families and friends to enjoy the service together. Additionally, Amazon offers the Amazon Household feature, allowing users to share their Prime benefits, including Prime Video, with other household members.
Hulu has recently tightened its password-sharing policies, restricting account sharing to household members only. This change aligns with the industry’s trend toward limiting unauthorized access. Similarly, Disney+ has started to crack down on password sharing, emphasizing that accounts should only be shared within the same household.
Paramount+ stands out with a more flexible policy. It allows users to share their passwords with up to three other users. This approach balances user convenience and security, making it easier for subscribers to share their accounts with trusted individuals.
Perhaps the services can eventually project their competitive drive towards improving password security protocols for their customers. As this evaluation demonstrates, there is considerable opportunity for growth across the industry.
Consumers using one or multiple streaming services would be wise to focus on the fundamentals, such as using strong and unique passwords. Always use a different password for each site, as password reuse is a dangerous game. Deploy 2FA solutions where possible.
Two-factor authentication extends the login process beyond a single step, which offers greater security than just a username and password. Consumers are very capable of using 2FA, as well. According to the Bitwarden World Password Day Survey, 73% of respondents use 2FA for work accounts, and 78% use 2FA for personal accounts.
So, how did your favorite streaming service perform? Follow Bitwarden on Twitter and let us know.
Ready to get started with a password manager today? Quickly get set up with a free Bitwarden account, or sign up for a 7-day free trial of our business plans so your business and company colleagues can stay protected.
Catch up on the rest of the series to see how the top companies in the following industries fair when it comes to allowing consumers to utilize strong passwords: