Sharing SaaS Subscriber Password: The Netflix Identity Problem and How to Fix It

By Mike Vesey, Founder and CEO of IdRamp

My name is Mike Vesey. But how does a software as a service (SaaS) company KNOW that I am who I say I am?

It is likely to be through a combination of a question and a challenging answer. It could start with a username and password and maybe add multi-factor authentication with a hint of encryption for good measure.

But even now, how can we be sure that the real Mike Vesey is the person accessing the SaaS provider?

Answer: we can’t.

Anyone with access to the real Mike Vesey’s username and password can use any of Mike’s subscription. And this irreducible problem is a growing, seemingly intractable cost for SaaS providers.

Problems of Netflix subscribers and the solution to preserve privacy

Take Netflix one step further. The streaming giant recently announced it had lost 200,000 subscribersand the news contributed to a 75 percent decline share value since its peak with the fear that subscriber growth had reached its limits. But, according to Netflix, more than 100 million households use a shared password, including 30 million in the United States and Canada.

This represents a huge reservoir of monetizable users and an obvious way to restore the value of sharing if sharing user login details can be hacked, if Mike Vesey’s friend doesn’t pretend to be Mike Vesey to watch. Stranger things.

Netflix’s plan to fix subscription sharing is centered around by charging a fee for subscribers who share accounts with people outside their household.

Simple in theory, but so far stumbling in practice: The pilot program tested in Costa Rica, Chile and Peru found that the new rates are confusing for users, who have noticed a lack of clarity on Netflix’s definition of a “family”; and while some users canceled their subscriptions altogether, others said they were able to bypass the new policy and continue sharing passwords.

READ ALSO :   "Morbius" is a hit on Netflix, but is it okay?

The answer to Netflix’s problem isn’t “more rules and rates for users”, it’s a much simpler solution that simultaneously protects its content and revenue from freeloading dilution and improves the customer experience.

The answer is verifiable credentials and connection-based identity.

Using a decentralized approach to identity means the end of login and password-based authentication as we know it.

Instead of using a login and password that can be stolen or misused, each subscriber would be issued a unique, cryptographically verifiable digital credential. Keeping a login credential on a mobile device would not only make it nearly impossible to share credentials outside of families, but would also lead to a better user experience.

By withdrawing the use of the loathsome password and access that can be easily shared or stolen, a subscriber would be issued their verifiable credential and could access Netflix with a simple tap of an app.

Lessons learned for Netflix and other SaaS providers

Effective identity management systems that offer greater security and a better login experience and protect revenue are easy to adopt, especially if you keep a few things in mind:

  1. Use the buzz around Web3 and Web5 to your advantage

When the hype is overcome, Web3 and Web 5.0 signal the imminent end of traditional authentication methods. Decentralized identity solutions are no longer promised, they are now market products and the number of implementations is growing around the world.

Lean on this wave. Instead of eliminating new regulations that could potentially erode customer trust, build trust with your customers. Educate them about the new best way to make them exist online. Connection-based identity kills the password and makes password resets and multi-factor authentication a thing of the past. By offering a better customer experience, you will solve the fundamental login problem by granting specific access to a specific credential. Reduce user fraud and friction while increasing privacy and security.

  1. If scaling costs a fortune, forget it
READ ALSO :   Stream it or skip it?

Digital security takes up a significant portion of the annual operating budget of many SaaS providers. With a cascade of new authentication solutions on the menu for many of the most reputable identity providers (IDPs), including biometrics, 2FA, MFA and proof of documents. These methods offer important security benefits, but add costs without actually addressing the underlying problem of a centralized username and password SAAS service.

Also consider the cost of scaling that type of identity system. You might have 20, 200, or 2,000 customers today, but what happens when you have 2,000,000 in the future? These identity costs add up quickly. Connection-based decentralized identity is inexpensive compared to traditional identity services and scales quickly while delivering huge cost savings on existing technology.

  1. Systems of all maturity levels can benefit from innovation

In the nearly three decades of working in the identity security industry, I have seen some of the largest corporate organizations continue to operate on a patchwork of identity systems that make them vulnerable to fraud and open to security attacks. And for companies that feel confident that they are relying on the latest and most expensive products from leading IDPs, attacks on centralized entities grow every day.

Businesses and businesses of all sizes can adopt connection-based decentralized identity today for a more secure and cost-effective identity. The technology is incredibly easy to integrate into existing systems and can be implemented with little or no code.

Prepare for the future

Any forward-thinking company with subscription-based business models will reach a point where they need to sell to investors on future growth and subscriber numbers, while also looking at the maturity of their platforms, products and systems.

READ ALSO :   More people should be watching the best show on Netflix

The authentication revolution is happening now. Connection-based decentralized identity provides the opportunity for SaaS providers of all sizes to block subscriber revenue, remove password friction and multi-factor authentication, improve security, and significantly reduce the overall cost of management of identity.

About the author

Of Mike Vesey, Mike has a mission to provide transformative digital solutions for the global enterprise. He has developed award-winning products in unified communications, service operations, security, identity and data management. Mike has implemented complex identity integrations with some of the largest organizations in the world. He is the founder and CEO of IdRamp, which provides a decentralized identity platform that offers orchestration, password elimination, verifiable credentials, blockchain IDs, and easy-to-implement service delivery.

DISCLAIMER: the insights on the biometric update sector are sent contents. The views expressed in this post are those of the author and do not necessarily reflect the views of Biometric Update.

Topics of the article

biometric authentication | biometrics | Decentralized ID | identity management | IdRamp | multi-factor authentication | passwordless authentication | user experience | verifiable credentials

Tinggalkan komentar