The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here.
Listen to Motherboard’s new hacking podcast, CYBER, here.
The internet is teeming with questions about password sharing etiquette. Who gets custody of the Netflix login? Is it okay to use a friend’s former lover’s mom’s HBO Go account?
Today, 74 percent of Americans share streaming and on-demand accounts like Hulu and Uber, according to a 2018 study by Country Financial. This year, a separate study by media research firm Magid, found that 35 percent of millennials share passwords for streaming services like Netflix.
Password sharing is a ubiquitous phenomenon, among romantic partners, friends, family members, and even strangers. But as security best practices become compulsory, and for good reason considering recent privacy scandals, why do so many people play it fast and loose with their logins?
“Sharing among individuals is a very old phenomenon,” Cait Lamberton, an associate professor of marketing and consumer behavior researcher at the University of Pittsburgh, told Motherboard.
“That impulse is arguably hardwired, only it’s easier now. With information, [such as paywalled content,] what I’ve given up isn’t necessarily depleted,” Lamberton said.
Numerous studies have probed the question: Does sharing make us happier? Spending money on others, sharing food, and even emotions can improve our mood, research suggests. That’s because altruism, which is at times “contrary to our own self-interest,” may be associated with the brain regions tied to reward processing and pleasure, say neuroscientists who have investigated such behavior.
Lamberton theorized that privacy threats related to password sharing feel abstract, “and aren’t particularly motivating.” But the warm glow of hooking someone up with HBO access is “very tangible.”
Regardless, cybersecurity matters when, say, platforms leak user information. Plenty of adults reuse their passwords despite an explosion of data breaches in recent history. And while you might not care if your throwaway Yahoo login is compromised, if you use the same email and password for your banking profile or PayPal account, hackers can compromise those accounts as well by leveraging data obtained from another breach. That's why you want to use a password manager, and never reuse the same login and password across multiple accounts, especially if you're sharing that information with loved ones in the form of a Netflix login.
No studies currently exist on the neural effects of password sharing. But anecdotal evidence offers plenty of other reasons for why we do it.
Rosalind Wiseman, author of the book Queen Bees and Wannabes, which focused on teenagers and their use of technology, chalked it up to peer pressure. In romantic pairings, “The response is the same: if we’re in a relationship, you have to give me anything,” Wiseman told the New York Times.
A 2011 study by the Pew Internet and American Life Project found that 30 percent of teenagers active online had shared a password with someone—“a sign of trust and intimacy,” it notes. Girls and older teens were also more likely to share their passwords.
“I was pretty broke and didn't have my own Netflix subscription—an ex gave me her login, which in turn came from a friend's boyfriend,” an anonymous source told me. “I used that guy's Netflix for years before he got wise, or just cancelled his subscription.”
Password sharing can also subvert information gatekeeping, or content that’s hidden behind a paywall, whether it may be entertainment, music, or scientific journals.
Some of the biggest academic publishers, for example, boast profit margins of 30 to 40 percent, higher than Google and Amazon, as a result of steep fees and volunteer labor. One study estimated that 73 percent of English-language scholarly articles—out of 114 million such articles that have been published online—are only viewable with a fee or subscription.
In academia, an open-access movement has swiftly gained traction. And while password sharing isn’t a key tenet, many scholars have circumvented paywalls in other ways; providing PDF copies of their articles, publishing to open-access repositories such as arXiv, or in one extreme case, pirating research to make it free for all.
“Many of us who provide labor feel as if keeping [scholarly information] behind a paywall is unfair,” Lamberton said. “When companies create barriers to access, and profit massively from those barriers, then people do feel like that’s unfair.”
Password sharing could cost streaming services $550 million in 2019, said marketing research firm Parks Associates. In response, companies like Netflix and Hulu now limit the number of concurrent streams. (However, Netflix CEO Reed Hastings once called the phenomenon a “positive thing.” And HBO CEO Richard Plepler said it was a “terrific marketing vehicle” with no downsides.)
So should we feel bad about freeloading? “The ethics and morality are for people to decide for themselves,” Katharine Trendacosta, a policy analyst at the Electronic Frontier Foundation, told Motherboard.
But the law around password sharing, specifically the Computer Fraud and Abuse Act, is incredibly vague, and can be interpreted in a variety of ways. It could be used to conflate all types of password sharing—flattening the issue by equating “sharing a Netflix password with a banking password,” Trendacosta said. The anti-hacking law Computer Fraud and Abuse Act, or CFAA, can also include terms of service violations, and because these agreements are prohibitively hard to read, and are frequently updated, users might not understand the consequences of their actions.
“I don’t think we’ll ever feel bad,” Lamberton said. “We still have idea that when we purchase something, it becomes ours to do with what we will.”
If you must share your credentials make that password unique, and be aware of the information people can see once they’ve logged in. Once you've given someone your password, you're no longer in control of it, so don't give it away unless you're comfortable with that password and everything associated with it being compromised.
“A lot of these platforms are experiential,” Lamberton said. “And we really just want to share our experiences with other people.”