Netflix’s Password-Sharing Crackdown

Dan Rubenstein explains how Netflix’s plan to curb password sharing will work.

Just a couple of years ago, Netflix declared, “Love is sharing a password,” on Twitter. But now the streaming service is putting into motion a plan to identify password sharers and limit access to the account owner and people in their household. Password sharers are apprehensive about what will happen next, if they can continue to binge-watch shows for free, and if other streaming services will clamp down on password sharing too.

Under the new terms, a Netflix subscription can be shared by a household. So, anyone living at the same physical address as the account owner can access Netflix. Those who stream while traveling must use a temporary code for access while away. And if they are away from home for long periods, they can log into Netflix from their household once every 31 days to confirm that they are an authorized user. People deemed outside the household will have to get their own subscription.

We asked Professor Dan Rubenstein, an expert in computer networks, how the tech behind password crackdown works.

Q: How easy is it for Netflix to limit password sharing?

Netflix can track users through the internet service and the IP addresses of devices connected to a household’s network. Most homes are associated with a single IP address. Netflix can use the IP address to get a rough sense of where someone is located or if it’s where they usually access from. There may be ways to redirect the IP address by using a proxy. But this is probably hard in most instances and not something most people would know how to do. 

Q: How could Netflix limit its service?

Currently, they limit the number of simultaneous online devices. They can also use various means in their own app or cookies in a browser to limit the total number of devices that can use a particular account.

So, they can specify things like “at most five devices can use the account,” and maybe they could limit the number of hours you can use it “outside the home.” I just think they need to be careful about cutting someone off with legitimate use, e.g., we traveled to Montreal and logged into our Netflix account there. This could also be an issue for students who are using accounts while away from home. They would not be able to log in from their house every month to verify their access.

Since Netflix never knows whether a device “outside the home” is yours or somebody else’s, they use verification checks as a means to make it inconvenient for someone else to use the account. For instance, if I let you use my account, they will periodically send an email to my address with a code you will have to enter at your location (from your device) to verify your use.

Q: Are these new techniques that they developed or something they could have been doing all along? 

They could have always done this. The information they use was always available – it’s more about the rules they put in place. By limiting how and when an account is used, they risk making the service less convenient.