If I were to ask you if you share your email account password with anyone else, the vast majority of you would probably say “absolutely no chance!”… but when it comes to media services such as Netflix, Amazon Prime and Spotify, such password sharing is actually quite common. It may sound innocent, but when people are using the same password for their media service that they use for other accounts, it starts to become worryingly dangerous and the risk of account compromises increases. With daily data breaches and a lack of public cyber-awareness, we need to start to understand the risks of cybercrime. A good place to start is with password education.
I have always been interested in the way people share their media service accounts with friends and family, as well as what happens to the accounts after partners break up or friends don’t see each other anymore. I’m fascinated with the way people divulge these login credentials, and have also wondered how many people use the same password for multiple accounts.
The big question for me, however, has always been: “How can people be so lax with their security?”
To get to the bottom of the issue, I recently ran a survey on Twitter that received over 2,700 responses, giving me some insight into how people treat their passwords.
First, I asked what media services they use. Two big runners and with no surprise, Amazon Prime (50%) and Netflix (47%), were the most popular. YouTube TV came in at 28% and Spotify at 23%. Others made up the rest including Now TV, Disney+ and Sky.
Second, I asked if they shared their media services with anyone and interestingly, 60% of people do share their accounts with at least one other person, such as family members and friends. One in three account holders shared their services with two or more others.
Next, I was interested to learn how these passwords were given to their connections. Surprisingly, more than 1 in 5 people revealed it by saying the password out loud and 7.5% of respondents texted or emailed the password. That said, the vast majority of people who shared it typed their password in themselves, presumably hidden from any spectators.
Therefore, over a quarter of people have willingly given away their passwords to someone else and that there is also often some sort of written record of it. This may not sound worrying when you know the other party with whom you are sharing the password, with but what if they pass it on to someone without thinking? For example, would your teenager son or daughter share their family accounts with their friends who aren’t fortunate enough to have the particular media service that everyone is talking about at school?
In fact, when researching the phenomenon of sharing passwords, I found that people on Twitter sometimes ask their followers if they are happy to share their Netflix credentials with them. More worryingly, some followers actually comply with such demands.
Furthermore, from the people I surveyed, just over 1% of respondents have lost contact with one or more people with whom they share their media service. This could be an ex-partner or a friend they don’t see any more, for example.
More disturbing is that I found 14% of people use the same passwords across multiple accounts online, meaning that their accounts can become easy pickings for criminals. Password recycling is a bad idea even if the password is something like “Afeg45t3@4DFew/15f][_}1”. Complex passwords are stronger against attacks where hackers use social engineering and open source research to work out your password … but by duplicating it anywhere on the internet, it increases your chance of compromise even if your password isn’t super-simple, such as your child’s name.
However, I understand that most people (52%) want to share their accounts and therefore need to hand over the password. Typing in a complex password can be a frustrating experience, but we can make this easier with the help from password managers. Most users will also want to enter their details into multiple devices such as TV, laptop and smartphone.
Therefore, my advice would be to use a passphrase consisting of at least three random words with some punctuation or numbers to separate the words. This will make you remember the passphrase from just looking at it once and easy to enter where you have to. It’s also a good idea to change your media services passwords once a year. This will flush out anyone who has gained access over the last year who maybe shouldn’t.
But where should you store these unique passwords and account details? I have hundreds of accounts and there is no way I could remember every single password I use. The answer lies with the use of a robust password manager.
Password managers are a secure way to store passwords so that you don’t have to remember hundreds of credentials whilst keeping them all unique and complex. Once you need to use a particular password, you can open your password vault, possibly even using biometric security, and copy the password into the field required.
But let’s go back to my survey. Worryingly, I found that only 26% of respondents use a password manager. This leaves 3 out of 4 people who do not take advantage of storing their passwords securely, meaning they have some other way of remembering all their credentials. This could be writing them down or more worryingly, relying on just a handful of passwords: usually a capitalized common word or name with a number at the end.
Working from home has meant we have had to adapt to a new way of life, and this may have meant adapting to a new set of practices within our new home office environments. Practices, such as beefing up the home router security or using a VPN, all help with making remote working safer online. But it’s astonishing to find that so few people are utilizing a password manager, even though it could make their life not only easier, but also far more secure.
If there is one thing you can do today, download a reputable password manager and install it on your smartphone, tablet and laptop. These tools are very robust and you will be the only one eligible for access, keeping potential hackers away from your passwords.