Large media companies and streaming services are on to many of you.

If you are among the two-thirds of subscribers that have reportedly shared your Netflix, HBO GO, Hulu, or Disney+ password with friends and family, your provider probably already knows about it.

A recent report from HUB Entertainment Research found that at least 64% of 13-24-year-olds have shared a password to a streaming service with someone else, with 31% of consumers admitting they are sharing passwords with people outside of their home.

The reason many people share passwords is to save money on the cost of signing up for multiple streaming services. Many trade a Netflix password in return for a Hulu password, or hand over an HBO GO password in exchange for access to your Disney+ account. Research firm Park Associates claims that streamers lost an estimated $9.1 billion in revenue from password sharing, and can expect to lose nearly $12.5 billion by 2024 if password sharing is not curtailed.

Oddly, most streaming services are well aware of password sharing and the lost revenue that results from sharing accounts, and most care little, at least for now.

Marketplace notes a lot of the complaints about password sharing are coming from cable industry executives, shareholders, and Wall Street analysts, but for now most streaming services are just monitoring the situation instead of controlling it.

“I think we continue to monitor it,” said Gregory K. Peters, Netflix’s chief product officer, on the 2019 third quarter earnings call. “We’ll see those consumer-friendly ways to push on the edges of that, but I think we’ve got no big plans to announce at this point in time in terms of doing something differently there.”

Netflix sells different tiers of service that limit the number of concurrent streams to one, two, or four streams at a time. The company believes that if customers that share accounts bump into the stream limits, many will upgrade to a higher level of service which will result in more revenue.

Newcomer Disney+ not only recognizes password sharing is going on, it almost embraces it.

“We’re setting up a service that is very family friendly. We expect families to consume it,” Disney CEO Bob Iger said in an interview with CNBC. “We will be monitoring [password sharing] with the various tools that we have.”

The biggest tool Disney has to monitor account sharing is Charter Spectrum, which is aggressively encouraging streaming services to crack down hard on password sharing. Spectrum internet customers who watch Disney+ are now tracked by Spectrum, recording each IP address that accesses Disney+ content over Spectrum’s broadband service. When multiple people at different IP addresses access Disney+ content on a single account at the same time, Spectrum can flag those customers as potential password sharers.

Synamedia, a streaming provider security firm, uses geolocation tools to determine who is watching streaming services from where. If someone is watching one stream from one address and another person is watching from another city at the same time, password sharing is the likely culprit. For now, most companies are quietly collecting data to learn just how big a problem password sharing is and are not using that information to crack down on customers.

Streaming providers are more interested in stopping the pervasive sale of stolen account credentials on services like eBay and shutting down stolen accounts used to harvest content for unauthorized resale. But as sharing grows, so will calls from stakeholders to curtail the practice. Those in favor of vigorous crackdowns on password sharing argue billions of dollars of lost revenue will be lost. If a service like Netflix blocked password sharing, that could lead to dramatic increases in account sign-ups. But less established brands like Disney+ seem more concerned about losing the unofficial extra viewers that are watching and buzzing about shows on its new streaming platform. Find the best residential proxies to access the streaming content that is not available in your location.

Cable companies are frustrated about losing scores of cable TV customers to competitors that may be effectively giving away service for free. That has raised tempers at companies like Charter Communications.

“Pricing and lack of security continue to be the main problems contributing to the challenges of paid video growth,” Charter CEO Thomas Rutledge said in recent prepared remarks with Wall Street analysts. “The traditional bundle … is very expensive, and the actual unit rate of that product continues to rise, and that’s priced a lot of people out of the market. And it’s free to a lot of consumers who have friends with passwords. So our ability to sell that product is ultimately constrained by our relationship with content [companies], and we have to manage that in terms of the kinds of power that the content companies have.”

Charter’s power comes from its willingness to distribute cable networks like The Disney Channel to tens of millions of homes around the country. That forces Disney to listen to Charter’s concerns about piracy and password sharing and the issue is even documented in the latest carriage contract between the two companies.

Cable industry executives believe a crackdown on password sharing is inevitable, eventually. Just as the cable industry was forced to combat cable pirates during its formative years, streaming providers that welcome extra viewers today may lament the lost revenue those subscribers don’t bring to the table tomorrow.

Marketplace reports on the growing issue of streaming service password sharing. (2:19)

Charter Communications is contemplating tying piracy mitigation to renewed contracts with movie studios, cable networks, and other programmers in an effort to enforce a new authentication standard to stop password sharing on streaming services like Netflix, Hulu, Disney+, and CBS All Access.

The cable company is trying to build an alliance that will enforce authentication principles on subscribers that share passwords to streaming services. Walt Disney is the only programmer to sign on thus far, agreeing to Charter’s piracy mitigation strategies for its Disney+ service in return for a renewed contract to distribute Disney programming on Spectrum cable systems.

Thomas Rutledge, Charter’s CEO, has spoken frequently about revenue erosion caused when consumers share their streaming accounts with friends and extended family members. Spectrum enforces geofencing on its subscribers, prohibiting access to certain streamed content outside of the home. Rutledge has not been specific about exactly what types of limitations would be imposed under the new strategy, but examples could include geofencing, periodic location checks, and limits on the number of devices authorized to view content.

“Ultimately our goal is that we can get an alliance of a large enough group of programmers and operators to protect the value of the content that people produce and the content that we distribute and we pay for,” Chris Winfrey, Charter’s chief financial officer, said last week at the Bank of America Merrill Lynch 2019 Media, Communications & Entertainment Conference in Beverly Hills.

Winfrey severely criticized programmers that turn a blind eye to the practice of password sharing, claiming such practices are “insane.”

“To think that it doesn’t impact the way we get paid, it does,” Winfrey said. “And it conditions the entire marketplace to think that content should be devalued, it should be free, and that’s the way it is and I shouldn’t have to pay for it. It’s our firm belief that we’d be growing and growing significantly [if it wasn’t for password sharing].”

A company is testing a solution to video subscription password abuse that will register each device authorized to access streaming video, while giving customers a Forever Login, ending the need to regularly re-enter usernames and passwords to watch.

Synacor is responding to growing concerns from some in the cable industry that subscription television password sharing is allowing unauthorized access to content viewers did not pay to view. The new system is an attempt to upgrade the authenticated TV Everywhere experience to reduce subscriber inconvenience while locking down the number of concurrent devices allowed to view online content.

Currently, when a customer accesses subscription-required content online, they are asked to select their TV provider and then enter their assigned username and password to verify they are a current subscriber to a video package that includes that network. Once authenticated, the network’s website controls how long user credentials are kept before they must be re-entered, as well as how many concurrent viewing sessions from multiple family members are permitted.

TV Everywhere services were originally designed to allow the subscriber and anyone else living within the home to be able to access networks like CNN, HBO, ESPN, and others on portable devices in-home and while on the go. But many customers also share their user credentials with extended family members and friends who do not live at the same address. Unauthorized third parties also occasionally obtain user credentials through brute force hacking and sell them on the black market. The subscriber usually only discovers a security problem with their account when they reach the concurrent viewing limit, which displays as an on-screen message stating the maximum number of viewers are already watching content through a subscription and at least one must disconnect before a new stream can be viewed.

Cable company executives hold a variety of opinions about the seriousness of password sharing. Altice and Comcast, and programmers like Time Warner, Inc., which owns HBO and Cinemax, have not shown much concern about the practice, but Charter/Spectrum executives have, and are leading the charge to lock down subscriber authentication.

Synacor’s new system introduces a new layer of cable company-defined limits on streaming: registering each device allowed to view content as well as checking how many people are attempting to stream content simultaneously.

Under the new system, a customer will be permitted to register a limited number of “trusted devices” allowed access to streamed video content. A cable company, for example, could limit subscribers to two smartphones, one tablet, and one smart/internet-enabled TV or Roku box. Even if the subscriber has other devices, they would have to unregister an existing device before being allowed to register a new one. Additionally, a cable operator could limit concurrent streams to two or three, either per network or per account, regardless of what networks are being watched. That would mean, in one example, a family of four would designate a maximum of five “trusted devices” and be allowed to watch up to three concurrent streams per account. “Bill” could watch ESPN on the bedroom television, “Mary” could watch a murder-mystery on the Hallmark Channel on her tablet on the patio, and “Dylan” could watch a movie on HBO on his phone at the same time. But if “Sara” decided to watch a show on Lifetime on her phone, the system would block the request.

In the past, it was likely all four family members could watch concurrent streams of their shows on virtually any device they like, and they could also share login credentials with “Jeff” — a family member at college, who in turn shared his username and password with the other people living in his dorm room — exactly the kind of thing Charter CEO Thomas Rutledge would like to stop.

Synacor claims its new system is still a positive for consumers because it allows user credentials to be stored in perpetuity, ending the need for frequent logins to re-verify and re-authenticate one’s account, regardless of where they are. Synacor’s executive director of identity services, John Kavanagh, suggests it is a win-win for companies and consumers.

“They wanted to deliver the same user experience benefit…and we brought the trust along with it with device registration,” Kavanagh said. “The end-user experience of home-based authentication really set a high bar. They wanted to take that high bar and extend it elsewhere.”

But many subscribers, especially those with larger families, are likely to balk at the new restrictions, especially if cable operators offer to ease them in return for additional fees. The process of registering devices is also likely to be seen as cumbersome by those not technically proficient, as well as those who own a large assortment of electronic devices.

Multichannel News reports a recent study from Hub Research and CTAM that monitors the TV Everywhere market surveyed 3,491 TV subscribers who watch at least five hours of television a week and discovered 28% claimed that password sharing with friends and family members was okay and permitted by their provider, although generally it is not. Another 33% believed password sharing was allowed for family members who have since moved out of the family home and live elsewhere. No provider authorizes such viewing.

The cable industry generally does not mind password sharing for family members who are traveling or attending school and live outside of the home in a dorm, or watching on a device that belongs to a friend. They do mind if that friend keeps the user credentials and watches programming without their own subscription.

Kavanagh claims the biggest concern is “commercial-level” black market sales of user credentials to third parties who have no relationship to the account owner.

“Once we’re able to register that device securely as part of the sign-in flow, we then connect that with a complete list of devices that have been used with a given subscription,” Kavanagh said. “We not only expose that master list to the end user for their own benefit on things that might be suspicious, but on the operator side, it gives them a depth of awareness they haven’t had before. It allows them to have a fine instrument to enforce their business rules and security policies.”

Both customers and cable operators can see who is currently accessing content using their account and cancel authorization for device(s) they no longer own, lost, or are being used by those who do not have an association with the account holder at all.

The new system is being introduced on an experimental basis to some current customers, starting with Service Electric Cablevision. It is likely similar rollouts will happen with Synacor’s other clients, which include:

• Streaming Services: Sling TV, PlayStation Vue, HBO
• Telco TV: AT&T, Cincinnati Bell, Verizon, Windstream, CenturyLink
• Fiber/Cable TV: WOW!, Armstrong Cable, Atlantic Broadband, Cable One, Mediacom, GCI, Hotwire Communications, Charter/Spectrum, Grande Communications

Charter Communications CEO Thomas Rutledge is fed up with customers sharing their passwords to unlock television streaming services for non-subscribing friends and family and promises to lead an industry-wide crackdown on the practice in 2018.

“There’s lots of extra streams, there’s lots of extra passwords, there’s lots of people who could get free service,” Rutledge said at an industry conference this month.

Password sharing used to be limited to services like Netflix, HBO, Showtime and Hulu, but since the cable industry opened up its “authenticated” TV Everywhere services to viewing outside of the home, unauthorized viewing by non-subscribers has allegedly exploded.

Three typical tweets exemplify the problem for Rutledge. One sought to trade for a Spectrum user ID and password, another thanked a friend for sharing their Spectrum TV user credentials to unlock a channel showing the World Series. A third delighted in the fact he managed to hack his parent’s Spectrum account password and now watches cable television for free.

Rutledge complained that password sharing is now so rampant, one unnamed network authorized 30,000 simultaneous streams using a single customer’s login credentials.

Rutledge believes many non-paying customers are now enjoying Spectrum TV and other services as a result of the practice. Shareholders and Wall Street analysts are also concerned, particularly as cord-cutting continues to take a toll on cable TV subscriber numbers and revenue.

Rutledge

Bloomberg News reports there is divergent thinking about password sharing and how serious it actually is. Top executives at Time Warner, Inc., which owns HBO and Turner Broadcasting, have shrugged about password sharing in the past, believing it is a good way to introduce potential customers to their services and eventually become paying subscribers.

Password sharing “is still relatively small and we are seeing no economic impact on our business,” said Jeff Cusson, a spokesman for HBO.

But anecdotal evidence at networks like ESPN, owned by Walt Disney Co., suggests millennials have no moral dilemma routinely sharing their passwords, even with strangers. At one focus group targeting younger sports fans, all 50 participants raised their hands when asked if they shared passwords, according to a fuming Justin Connolly, executive vice president for affiliate sales and marketing at ESPN.

“It’s piracy,” Connolly said. “It’s people consuming something they haven’t paid for. The more the practice is viewed with a shrug, the more it creates a dynamic where people believe it’s acceptable. And it’s not.”

The TV Everywhere “authenticated subscriber” concept has traditionally required pay television customers to re-enter their username and password for each authorized device at least once each year, although some cable operators require subscribers to re-enter their credentials monthly, and actively discontinue access as quickly as possible when a customer downgrades or cancels their cable television service.

Many cable providers offer their own live streaming apps and on-demand streaming service showcasing the cable TV lineup for in-home and out of home viewing on desktops, tablets, and portable devices. Some limit the number of channels that can be viewed outside of the home and do not allow multiple users to concurrently stream programming. But most cable TV networks that support authentication do not limit concurrent streams or offer generous limits on how many services can be streamed at the same time over a single account.

(Source: Consumer Reports)

Charter is now taking the lead on demanding cable TV network owners tighten up their apps and online viewing to limit password sharing. Some of the toughest negotiations took place this past fall between Charter and Viacom, owner of Comedy Central, MTV, and Nickelodeon. Viacom pushed hard for Charter to restore its basic cable networks to Spectrum’s entry-level “Select” cable television package. In 2016, many Viacom networks were pushed to the much more expensive Gold package, which meant significant losses in audience as Time Warner Cable and Bright House customers switched to Spectrum’s TV plans. Time Warner Cable included Viacom-owned networks in all the company’s popular TV tiers, but most customers lost access to those networks when they switched to a Spectrum TV plan.

Viacom successfully negotiated the transition of its networks back to the Select TV plan beginning in late January, 2018. But those networks’ online viewing platforms and apps will now include stream limitations to keep simultaneous viewing and password sharing to a minimum.

ESPN, which has been dropped from the lineup in a number of slimmed-down cable TV packages, has also experienced plenty of password sharing, and has begun limiting the number of simultaneous streams allowed per customer. Originally, one account could launch 10 concurrent streams. That number has now been cut in half to five and the sports network is currently considering further reducing the stream limit to three simultaneous sessions.

One research group, Park Associates, estimates almost one-third of internet-only customers are streaming cable television networks and programming using someone else’s subscriber credentials. They estimate the cable TV industry will lose $3.5 billion from unauthorized viewing this year, rising to $9.9 billion by 2021.

Companies like Adobe Systems have begun selling services to cable TV providers that track the use of usernames and passwords and the location of those accessing online streams. They suggest cord-cutting is fueling unauthorized viewing as customers seek access to cable programming for free.

Much of the password sharing seems to be occurring among friends and relatives, especially children away from home. For now, most cable TV executives are fine with in-family sharing. What concerns most is when those passwords are further shared with friends or sold to strangers. It is uncertain if customers are always aware that their user credentials are being sold or traded by third parties. When an account that saw no streaming activity before suddenly generates 50 simultaneous streams in multiple states, hacking by an unknown party is usually suspected.

The cable industry remains undecided about exactly how many concurrent streams are appropriate for consumers. Netflix allows between one and four streams, depending on the plan chosen. HBO permits three simultaneous streams, DirecTV Now allows two while DirecTV’s satellite customers get up to five streams.