Want to watch “The Queen’s Gambit” or “Lupin”? If you’ve been borrowing a Netflix password from a family member or friend, you may now have to pay up.
Netflix has started testing a feature that could prod users who are borrowing a password from someone outside their household to buy a subscription.
The company said the feature was being tested with a limited number of users. It may signal a broader clampdown on the common practice of sharing passwords among relatives and friends to avoid paying for the popular streaming service.
“The test is designed to help ensure that people using Netflix accounts are authorized to do so,” the company said in a statement.
Some users began to notice the feature recently when they logged onto a shared Netflix account and saw a message on their screen that read, “If you don’t live with the owner of this account, you need your own account to keep watching.”
To continue watching, these users were asked to either verify that it was their account by entering a code that was sent to them by text or email, or join with their own account to Netflix. They also had the option to complete the verification process later.
A basic Netflix subscription, which allows customers to watch on one screen at a time, costs $8.99 a month. Customers who pay more can watch on additional screens simultaneously.
Netflix declined to discuss its new feature, previously reported by The Streamable, an industry news site, in detail. But industry analysts said it might be part of an effort to enforce Netflix’s frequently overlooked terms of use, which state the service and its content “are for your personal and noncommercial use only and may not be shared with individuals beyond your household.”
The test also appears to be more of a nudge to buy a subscription than an iron-fisted crackdown. For example, someone who was borrowing a password from a friend or family member could ask for the verification code that had been sent by Netflix.
“I’m not convinced this is an all-out assault,” said Michael D. Smith, a professor of information technology and marketing at Carnegie Mellon University in Pittsburgh. “It could be a warning shot over the bow of some pirates.”
But, he said, merely reminding people that password sharing is not allowed could persuade some people to buy a subscription, rather than continue to use the one their friend of relative bought.
“Even minor signals that piracy isn’t acceptable could change people’s behavior,” he said.
The test comes as Netflix viewership has drastically risen during the coronavirus pandemic.
The company said in January that it had added 8.5 million customers in the fourth quarter, for a total of 203.6 million paying subscribers by the end of 2020. The company has about 66 million customers in the United States and is anticipated adding six million total subscribers in the first three months of this year.
Netflix had earlier hinted that it was looking at ways to stop password sharing. Gregory K. Peters, the company’s chief product officer, said during a call to review the company’s earnings in October 2019 that Netflix was “looking at the situation.”
“We’ll see, again, those consumer-friendly ways to push on the edges of that,” Mr. Peters said, adding that the company had “no big plans to announce at this point.”
Professor Smith said the company clearly loses a significant amount of revenue through people using the service but not paying for it.
“Sharing your password is piracy, and it could be costing Netflix a good deal of money if people who would otherwise subscribe are using their friends’ passwords, so that’s no doubt a problem,” he said. “The real challenge for them is finding who the password sharers and who the legitimate accounts are.”
Beyond the business concerns, requiring users to enter a code that is texted or emailed could also have security benefits, said Lorrie Faith Cranor, a professor of computer science and engineering and public policy at Carnegie Mellon.
Hackers could in theory change the settings of a customer’s Netflix account and start charging the person more, she said. They could also gain access to information that could help them break into other accounts, especially if the customer uses the same password for multiple accounts. “That’s a very common thing,” she said.
But requiring a user to enter a code that is sent via text or email — a process known as two-factor authentication that is used by many social media and banking apps — makes it harder for attackers to break in.
“I’m not sure it’s a huge benefit,” Professor Cranor said, “but there is some benefit.”
