As programmers and studios launch their own streaming services, password sharing is becoming a bigger concern.

Jeff Baumgartner, Senior Editor

December 9, 2019

7 Min Read
Video Streamers Step Up Password-Sharing Crackdown

Video streamers were willing to look the other way at casual password sharing, but now distributors, programmers and major studios are cracking down.

Controlling unauthorized access used to be largely a problem for traditional pay-TV providers, but now content makers are planning and launching their own OTT-delivered streaming services, such as Disney+ and Apple TV+. They have shared responsibility -- and revenue to protect.

Tom Rutledge, chairman and CEO of Charter Communications, has been championing the cause, arguing that password sharing -- even casual forms -- can no longer be ignored or merely shrugged off as an acceptable practice.

It's been a slow process, but Rutledge, once a lonely voice, seems to be getting heard, as more and more consumers gravitate to OTT-TV offerings and as subscription VoD streaming services continue to take hold and shift the way people are consuming premium content.

"There is some recognition in the programming industry that they are now distributors," Rutledge said during Charter's Q3 earnings call in October. "And as a result of being distributors... they need to know where their content is going... It's just too easy to get the product without paying for it."

Disney is among those now on board, as The Mouse has agreed to collaborate with Charter on piracy and password-sharing mitigation as part of a new carriage deal that could lead to Charter's distribution of Disney-run OTT services such as Hulu, ESPN+ and Disney+.

But the bigger effort will likely involve The Alliance for Creativity and Entertainment (ACE), a legal consortium backed by major studios, programmers, distributors and OTT players, including Charter, Comcast/NBCU, Amazon, Disney, ViacomCBS, Amazon and even Netflix, which has previously looked the other way when it comes to password sharing.

ACE's focus on password sharing and unauthorized access is a new target for the group. Much of ACE's previous efforts have zeroed in on shutting down alleged video piracy and services or products such as DragonBox, Set TV and Omniverse One World Television.

Walking a fine line
But enforcement won't be straightforward. There's still plenty of debate on what should be considered acceptable password sharing. For example, if a kid heads off to college and uses his parents' Netflix password under a multi-stream family tier, that would seem to pass the smell test. But if that student shares those credentials with another student, not in the same family, that would probably not be legit. And selling a person's credentials on the dark web obviously crosses that line completely.

"There's a fine line" that the industry will need to consider as they weigh this issue and how to respond to it, Ivan Schnider, a marketing communications exec with Nagra, said.

Common sense plays a role. When many people share a "family" account and those people are never in the same location, that's virtually certainly crossing into fraud territory.

"These are emerging challenges" for the industry, added Tim Pearson, senior director of product marketing in Nagra's security division. "They're still identifying how to approach it and what is [acceptable] sharing versus basic fraud."

And the impact of password sharing on the marketplace is another grey area, as research and studies vary on the effects.

For instance, a Parks Associates study found that 16% of US broadband households admit to sharing their passwords for OTT video accounts. A Magid study from 2018 based on a survey of 2,000 people in the US, found that 26% of millennials (defined in the study as people between 22 and 40 years old) used passwords from someone else's account.

Synamedia, which has developed a password-sharing mitigation system for distributors and media companies, is privy to even higher numbers. Some of Synamedia's customers that conducted their own surveys found that as many as half of subscribers share credentials, according to Orly Amsalem, Synamedia's lead piracy product manager.

Casual password sharing "is becoming a social norm," Amsalem says. While some of that centers on people simply "being nice" to their friends, there are more serious cases of stolen credentials or instances where people are simply lazy and use the same user name and password across multiple services. Reuse of passwords that have already been compromised and distributed or sold illegally caused some consternation soon after the launch of Disney+.

New approaches
Synamedia's password-sharing mitigation platform focuses on a range of use cases, including outright fraud as well as more casual sharing. On the casual end, Synamedia is using a carrot-over-stick approach to help service providers make customers aware if it's believed their credentials have been compromised or offer them premium service that would allow sharing among friends and family.

Synamedia, formed from the acquisition of Cisco Systems' video software division in 2018, has not announced commercial deployments of the solution, but several trials have been completed, with others ongoing or coming up, according to Amsalem.

Synacor has also been on top of this as password-sharing mitigation becomes a bigger issue among both distributors and content players.

"It comes up a lot," Himesh Bhise, Synacor's CEO says. "They agree that there is revenue leakage and it should be addressed."

It's important to find the right technology approach. An easy "brute force" route would require consumers to log in more often or manage streaming concurrency, but that's "not a great user experience," Bhise said. "I think that's the easy answer, but not the sustainable, long-term solution that's right for customers."

Instead, Synacor is proposing a system that relies on device-related management and prevention algorithms. The general idea is to enable customers to link devices to the account and provide users with the administrative tools to manage the number of devices associated with the account. In turn, the service provider sets limits and policies.

Under that approach, user names and passwords don't need to be used as often and are in fact less relevant to the way streaming services are authorized. There's technically no need to log in at all if the device itself is authorized to stream the content. While this would still enable people to share the actual devices that are authorized, the potential for password-sharing abuse is vastly reduced, Bhise said.

Synacor's service for this has ready to go for months, and the company has been actively demonstrating it to the pay-TV and video industry. "People generally like the concept."

Synacor also has a simpler solution that's based on concurrency monitoring -- partners can set the number of concurrent streams allowed per account. Synacor's systems monitor that and can either cut off the service when the number is violated or escalate the customer to a higher tier of service. But Bhise views that as an interim solution that's not as elegant as the device-based authorization system Synacor is pitching.

For the moment, customers are generally sizing up the simpler approach to the problem and are weighing the more advanced option, which does require incremental investment and time to layer it on top of their existing platforms, Bhise said.

Nagra is also developing new session management control and device-based authentication capabilities that are now part of its flagship security services platform. OTT delivery and streaming has extended the content authorization problem beyond the set-top box to smartphones, tablets, smart TVs, gaming consoles and all other manner of IP-connected devices.

Service providers "need a pretty comprehensive set of tools to manage and protect and secure the entire service," Nagra's Pearson said. "Increasingly that's become a far more fragmented maze that those operators need to navigate."

And some service providers are stepping up. Vodafone, for example, has teamed with Nagra to ensure that devices used for the company's TV service across Vodafone's operating companies are secure.

"We're seeing big organizations starting to harness a lot of the challenges that we're talking about here," Pearson said.

Related posts:

— Jeff Baumgartner, Senior Editor, Light Reading

About the Author(s)

Jeff Baumgartner

Senior Editor, Light Reading

Jeff Baumgartner is a Senior Editor for Light Reading and is responsible for the day-to-day news coverage and analysis of the cable and video sectors. Follow him on X and LinkedIn.

Baumgartner also served as Site Editor for Light Reading Cable from 2007-2013. In between his two stints at Light Reading, he led tech coverage for Multichannel News and was a regular contributor to Broadcasting + Cable. Baumgartner was named to the 2018 class of the Cable TV Pioneers.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like