The problem of password sharing has grown over the past few years and is costing the industry tens of billions. It is time to do something about it. [updated]
It has been widely known that the online streaming industry is losing significant amounts of revenue to password sharing for quite some time. When we first published this article in February 2019, estimates from Cartesian, based on a survey of nearly 1,200 American consumers, showed that 27% of consumers accessed streaming video content using account credentials borrowed or stolen from someone they do not live with.
Now the situation is worse.
According to 2021 data published in an article in Variety, the problem has become much worse since. It cites a survey from February of 1500 US consumers that said 40% use a streaming login and password that doesn’t belong to them, with roughly a third doing so without permission from the account holder. A massive 72% of Netflix subscribers said they let someone else use their account.
The reason for the uptick in password sharing since the original survey is very probably down to Covid and the need amongst friends and family members to find fresh content to watch in lockdown. Indeed, there is a pronounced generational shape to the phenomenon. We looked in detail at intergenerational attitudes to video piracy recently and found that 60% of Millennials said they shared passwords within the family, and 42% reporting sharing with friends. That data was all pre-Covid too and has probably also seen a rise in numbers.
The amount of money the industry is losing as a result of all this is staggering.
Revenue loss from sharing passwords
Citi analyst Jason Bazinet estimated in March 2021 that sharing online passwords to SVOD services means a massive $25 billion yearly loss for US companies, estimating that one company alone alone accounts for around 25% (ie, around $6bn) of that lost revenue.
“As streaming services move to center stage, thwarting this theft will be of growing importance for shareholders,” Bazinet wrote.
This is an important point. While SVOD has been in the growth stage the major providers have adopted a slightly laissez-faire approach to monitoring password sharing, almost utilising it as an unofficial promotional tool and reasoning that users — especially inter-family ones — will eventually migrate to their own accounts. HBO CEO, Richard Pleper, said this in 2014:
“It’s not that we’re ignoring it, and we’re looking at different ways to affect password sharing. I’m simply telling you: it’s not a fundamental problem, and the externality of it is that it presents the brand to more and more people, and gives them an opportunity hopefully to become addicted to it. What we’re in the business of doing is building addicts, of building video addicts. The way we do that is by exposing our product, our brand, our shows, to more and more people.”
That era is now well and truly over; the market is way more competitive thanks to the arrival of new entrants such as Disney+ and investors want to know that everything is being done to protect their holding. Add that pressure to the Covid-fuelled growth in password sharing, and it is easy to see why companies have decided to take action.
The warnings we are starting to see from the big SVOD players go something like this: “If you don’t live with the owner of this account, you need your own account to keep watching.” An onscreen prompt then provides three options: get an email or text verification code to authenticate the account; click on a ‘Verify Later’ button; or sign up for a new account.
How to detect password sharing
There are various means that can be used to detect password sharing, but most, such as VO’s, now use AI to detect password sharing by observing location, consumption patterns, and more on different devices.
By examining the content that is watched, analyzing on which device it is watched and from where a detection service looks for patterns that indicate a shared password. The AI then gives the service provider a probability score of how likely it is that the account holder is ‘oversharing’.
Certain patterns indicate password sharing, but it’s important to differentiate between similar scenarios to know which are legitimate and which are not. As an everyday example, if an unusual number of devices are detected in a household, it could be simply because a user has changed devices. But if content that has been authenticated for consumption in one household is being consumed by devices at multiple IP addresses, it could well be due to password sharing. As usage patterns are dynamic, machine learning and AI are critical to sifting through the data since they can adapt to these shifts and continue to discern between legitimate use cases and infringements.
There are definite levels of infringement at work too. If a probability score indicates that it’s likely that the credentials have been sold online to multiple users, the service provider has the option of shutting down the accounts. However, if it’s a lower score, indicating that it’s probably just a family that is just too free with their credentials, the service provider can use this as an opportunity to upsell a premium package to the family.
This very seems to be the route that some of the bigger players are taking at the moment, using a form of nudge therapy to gently push users towards making the right, legal choice. They are doing it with understandable care as well. Protocols such as two-factor authentication can also present a barrier to new users. It’s a small one, but with consumer sensitivities set on a hair-trigger with streaming services and churn levels high — and potentially set to increase as the world emerges from lockdown — any barrier can be an unwelcome one.
However, with competition in the OTT space only intensifying and huge budgets being spent annually on content, one way or the other the era of the password-sharing freeloader may soon be coming to an end. And for the investors that are starting to increasingly look for returns from the industry, it is an important potential area of subscriber growth. While it might be tempting for other operators to adopt the old laissez-faire approach to it all, especially to attract subscribers away from services that are cracking down as they look to grow their own subscriber base, they may very soon find themselves out of step with a newly forming industry consensus.
Service providers who want to truly protect their content require comprehensive anti-piracy services, and that increasingly also includes mitigating against password sharing.
[With thanks to Esther Levine for creating the original article.]