Why Password Sharing has become (begrudgingly) an accepted social norm

I'll let you in on a little secret - I share some of my streaming service passwords with friends and family. Yes, like millions of Americans, I am guilty of shared utilization (i.e. letting others take advantage of my services) to watch shows like "The Wire" or "Cleaning Up with Marie Kondo" (you know who you are).

And I suspect many of you reading this blog fall into this same category. In fact, nearly one third of Millennials as reported by Magid share passwords for video streaming services. Although this shared percentage seems small, it's going to cost pay TV providers $9.9B and OTT providers $1.2B in 2021.

For pay tv and OTT providers, this is no small number. For context, Netflix spent $2.0B in 2018 to produce over 40 shows and aggressively market them. Some of you may be thinking - well, the logical next step to combat this bad (but I may add socially accepted behavior) is to police it. Why? Because that's what we've typically done as a society.

The most publicized example has to be Napster - yes, take a stroll down memory lane to the early 2000s when the record labels (specifically, Metallica, A&M Records) and the government declared users who downloaded songs as "Public Enemy #1." You can argue their efforts were more talk than action as a small percentage of users were actively prosecuted. (An article from The Guardian estimates only ~18,000 individuals were sued by recording Industry Association of America (RIAA)).

Looking for further examples? BitTorrent and Pirate Bay are other, more industry relevant examples. These sites allowed users to download television shows, movies, and nearly anything else for free. As the hyperlink indicates, in 2013, it was believed that over 200,000 BitTorrent users were engaged in some sort of legal action.

Why do I bring this up now? Isn't it true that password sharing, especially amongst streaming services, has existed since the beginning? (The answer is yes to that question). Well, two reasons.

First, the free market and the Millennials. It's been widely reported that Millennials hate paying for anything - including content. This trend is confirmed by Pay TV companies like DIRECTV and Dish who continue to shed subscribers by the hundreds of thousands every quarter. These subscribers (known as cord-cutters, cord-shavers or cord-nevers) are running to streaming services.

Understand the terminology:

Cord-cutter denotes someone who previously had Pay TV but has replaced that service with an OTT equivalent service (typically, Netflix, Hulu, DIRECTV NOW, YouTube TV, etc.).

Cord-shaver refers to a consumer who has significantly scaled back their Pay TV (i.e. dropped packages) and has OTT services as supplementary (again, typically Netflix or Hulu).

Cord-never is a consumer that never had a Pay TV service. Many Millennials fall into this category (including some members of my family).

Side Note - Expect to see the number of over the top (OTT) streaming services explode in 2019 as all the major broadcasters begin to disassociate their content via those platforms

Second, at CES last month, Synamedia announced it had developed AI that could identify customers sharing passwords. Immediately, a flurry of alarmist news articles hit the news proclaiming the coming of the Headless Horseman (in this case - regulation!).

But unlike many of these news agencies and bloggers, I'm not convinced the crackdown of passwords is among us. So, before you go to Decon 1 and reset all your shared passwords, mull over my thoughts on the situation.

They're Watching You

The reality is - streaming and video services have many ways to monitor their consumers and determine if they are sharing passwords and they've had the ability to do it for some time. Here's three simple ways they do it.

Location Services

You probably do not recall that little modal that popped up when you downloaded a live TV/Sports streaming app. Well, that message requested access to your location services - specifically, the GPS of your device. And when you said "Allow" - you gave over a critical piece of data - your location.

Now, in all fairness, GPS is necessary for live TV/sports apps to deliver content to you, the end user. For example, if you subscriber to MLB At Bat, you can stream baseball games with the exception of games in your local area. (Long story on rights between MLB and regional sports networks - that's for another day).

However, companies can use the data to track customers - where they are when accessing the device. It only takes a simple analysis to see that one username and password was accessed in various locations (i.e. NYC and LA around the same time). And bingo - it probably means you have multiple users on the account.

Note - The New York Times article details how pervasive (but unsurprising in my humble opinion) this trend is.

Viewership

This is an excellent lead in to my next point - viewership. Have you ever leant your username/password to a friend only to have non-relevant content suddenly pop up on your recommendation carousel? (i.e. Juxtaposition of Horror movies like "Saw" and cartoons like "Dora the Explorer).

What you watch is another telling sign of whether or not you share your creds with others. And specifically, what and where you are watching. Companies can then piece together (albeit not that easily) that the credentials are shared. Now, it's not a clear cut answer - you can argue preferences change amongst consumers - some days, I want to watch a Rom-Com and other days, I want a horror movie. That's why layering GPS, viewership and another indicator - concurrent streams help piece together the story.

Concurrent Streams

Recall that a few weeks ago, I blogged about prime time tv and the industry reporter, Nielsen (catch-up here!). Besides logging viewership, Nielsen monitors the number of TVs watching content in a household. For OTT subscribers, a concurrent stream is exactly the same thing - think of it as the number of TVs on in your house except across the internet.

Similar to pay TV there is a limit of the number of televisions that can be on at one time or the number of "concurrent" viewers. Given that OTT is delivered over broadband or LTE, it has the same limitations and for most services, users are capped at 2 or 3 concurrent streams (i.e. you can only have 3 tvs or connected devices watching at the same time).

In many ways, this is the most effective method to identify offenders when multiple users under the same credentials try to watch content at the same time or consistently and at different geographies.

Using any combination of these three indicators can provide companies with data on you and your co-conspirators. Yet, most companies have shied away from taking action for two key reasons.

The most important factor was growth - specifically, subscriber growth. As any entry level business student knows - strong user adoption is an indicator of nascent success - particularly in gross and net adds. Over the past decade, that's exactly what the FAANGs have been doing - growing and growing and growing. To them, they did not care if users shared password - positive word of mouth, customer first and consistent subscriber (i.e. revenue) mattered the most. Simply put, these companies had no desire to be the password police.

However, many of them did put in place roundabout rules to shave down on the worst offenders. Examples include:

Netflix

The service created primary and secondary profiles (that's the screen that pops up when you first log in asking "Who's watching?"). This allows customers to have multiple viewers separated out - making your data all the more valuable.

Amazon

Amazon found a creative approach to sharing - it allows two users to watch the same program but ties your profile back to 1 credit card - meaning you as the individual consumer take on risk by sharing your credentials.

Another key point is content. Most of these companies are distributors of content, not producers. This is an important distinction. Creators are protective of their content and more likely to go after offenders (think back to my example above with RIAA and Metallica prosecuting customers). Distributors have no stake in the content - they simply repackage and entice customers to watch it.

Which is again, why this is an interesting time. Both of these circumstances are changing. the lines between distributor and creator are blurring. Subscriber growth is slowing. Look no further than Netflix as the prime example. They have over 58M US householders and 130M accounts (including international).

Note - See a breakout of Netflix's subscriber base here.

Amazon has reported similar numbers. And both are now also content creators instead of simply distributors.

One thing is for certain - the actions, if any are taken, will differ dramatically from what we saw in the early 2000s. From my perspective, companies will steer away from punitive action and tread more "friendly." The Verge called this invoking the "guilty conscience" - that is, confronting the user head on with their action and offering an alternative path.

In this case, the alternative path is an upsell opportunity - get the customer to acknowledge their bad behavior and have them pony up and pay. Instead of driving them away, embed them further into your base.

In this day and age, it's a no win situation to push customers away. And that's why password sharing is here to stay and punitive action is more bark than bite.