Netflix, one of the largest streaming services in the world, maintains millions of subscribers a year. This post doesn't cover the content or the subscribers, but rather poses an excellent question.
Netflix: why no 2FA for the login process?!
2FA, also known as multi-factor authentication or two-factor authentication, provides an additional layer of security for an authentication mechanism.
Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user
Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.
A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.
Two other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the
Two-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an mechanism. Or, the second step might be a six-digit number generated by an app that is common to the user and the authentication
Netflix does not currently offer any form of the above security. Why? Many claim that the engineering effort would not be worth it, or that there is no private information to protect. I'd argue against these points and state that your:
- Mailing address
- Billing address
- Last four of your credit card or PayPal (or billing method)
would be considered private information, among many other items. Unauthorized sharing of Netflix login credentials is rampant; 2FA would assist with preventing this.
The question is -- what's your take on why Netflix has yet to implement increased security measures for its users? Why no 2FA?