Users Resist Tighter Pay TV Security

Video consumers are still reluctant to embrace more secure authentication methods than traditional passwords despite mounting fears over identity theft and intrusion into privacy.

This is vexing for service providers as they struggle to contain piracy while also countering lower level threats to revenue such as casual sharing of passwords among friends and family. Passwords alone, like PINs, rely on just the first factor of security, something the user knows. The second factor exploits something the user has unique to them, such as passkey generator, some plug-in dongle, or their smartphone. The third factor is something the user is, in other words a biometric like a thumb print or iris, which can be scanned, or voice, which can be recognized. Some pay TV operators have been hoping to add either a second or third factor to password protection, or even both, to strengthen access control.

But resistance to innovation in authentication, at least by users of video services, has been confirmed in a recent survey by Dallas based analyst firm Parks Associates. Entitled "Innovations in Authentication and Personalization Technologies," the report found that 16 per cent of broadband households in the US admit to sharing their passwords for their video service accounts with other people, with the real figure quite likely higher than that.

The survey also found that service providers are having a hard time persuading subscribers to adopt more advanced methods of password-free authentication, based either on a second factor such as a one-time passkey generator, or a biometric third factor. Yet this comes at a time when, as the survey reported, consumers are increasingly concerned over fraudsters stealing their data and/or identity, as well as over how hacked data and devices may be abused.

There is also increasing acceptance of additional factors of security around smartphones, including biometrics. Consumers have embraced the second factor of some device they own for online banking, as well as using their smart phones for that factor. Most of these methods though either suffer from integration complexity or implementation weaknesses as far as accessing premium video content is concerned. This has led Google for example to develop two-factor security based on dedicated hardware units serving client devices either via direct USB connection or Bluetooth. Indeed, there has been growing momentum behind such physical key systems that can be used to protect online services of different kinds, with a few dedicated vendors in the field, such as Yubikey and Feitian.

 Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Google weighed in with the launch in July 2018 of its Titan Security Keys based on a standard called FIDO developed to facilitate interoperability among such devices supporting strong authentication. These devices operate much like two-factor authentication systems for smartphones, which typically send a code as a text message to the user for accessing a service, except that these are dedicated just to security. Using text messages is less secure because the codes are vulnerable to interception unless stronger versions are used on smartphones, which is not widely done.

The problem though is that Titan, like any second security factor, is inconvenient to use. Subscribers can only access their service if they have the device on them or available nearby and have to engage in this additional physical manoeuvre. The Parks Associates survey identified that most users were unwilling to embrace such devices and that friction must be reduced.

“To drive adoption of new authentication methods, the industry needs to deliver a frictionless user experience, bringing a more personalized approach to authentication in addition to increased security,” said Billy Nayden, Research Analyst, Parks Associates. “Poor experiences with authentication and personalization technologies will drive consumers back to traditional methods and increase churn for video services.”

Google Titian Security Key

Google Titian Security Key

Google has so far failed to solve the friction problem with Titan and so the solution may lie instead with intelligent monitoring that attempts to identify users whose behaviour is either threatening or puts their account at risk of unauthorized access. The critical point here, as that survey again noted, is that users are willing to engage in additional security measures occasionally so long as they are not compelled to do so every time they gain access.

For this reason, there has been growing interest in, and evaluation of, risk-based authentication(RBA), sometimes referred to as adaptive authentication, for identity verification and access control. This takes account of a range of factors, such as where the user is, what time they gain access, how long they remain logged in, and what systems they are accessing, in order to assess risk. Then when a specified risk threshold is exceeded, the user might be asked to undergo a full two or even three factor authentication process.

However, risk-based authentication could threaten privacy unless carefully implemented, which service providers will have to bear in mind. Such a system though could identify casual sharing of passwords on the basis of user location for example. As it happens, Synamedia, the company bought back from Cisco by equity group Permira Funds in 2018, recently launched a product to exploit such capabilities to tackle casual sharing of passwords. The idea is that the rump of essentially honest consumers can be brought onside and even tapped for additional revenues, by offering services that enhance rather than block sharing of their video service with friends or family.

You might also like...

AI And Flexible Workflows Are Key Themes In Playout & Delivery At 2023 NAB Show

At this year’s show there will be much talk of the impact of AI on almost all aspects of delivery, with workflow flexibility, efficiency and analytics also featuring.

Monitoring & Compliance Technologies At NAB 2023

Monitoring vendors face various challenges highlighted at NAB 2023, including demands for consultant Quality of Experience across multiple channels, and between adverts and programming content. Then specifically for the US market, a notable theme at NAB will be the rise of…

Rising Live Sports Streaming Drives Supply Chain Innovations At 2023 NAB Show

Drives for energy and cost efficiencies underlie some of the streaming supply chain innovations on show at NAB 2023, balanced against demand for more immersive experiences and guaranteed QoS. The rise in live sports streaming is accentuating demand for better protection…

The Big Guide To OTT: Part 1 - Back To The Beginning

Part 1 of The Big Guide To OTT is a set of three articles which take us back to the foundations of OTT and streaming services; defining the basic principles of the OTT ecosystem, describing the main infrastructure components and the…

Learning From The Experts At The BEITC Sessions at 2023 NAB Show

Many NAB Shows visitors don’t realize that some of the most valuable technical information released at NAB Shows emanates from BEITC sessions. The job titles of all but one speaker in the conference are all related to engineering, technology, d…