Users Resist Tighter Pay TV Security

Video consumers are still reluctant to embrace more secure authentication methods than traditional passwords despite mounting fears over identity theft and intrusion into privacy.

This is vexing for service providers as they struggle to contain piracy while also countering lower level threats to revenue such as casual sharing of passwords among friends and family. Passwords alone, like PINs, rely on just the first factor of security, something the user knows. The second factor exploits something the user has unique to them, such as passkey generator, some plug-in dongle, or their smartphone. The third factor is something the user is, in other words a biometric like a thumb print or iris, which can be scanned, or voice, which can be recognized. Some pay TV operators have been hoping to add either a second or third factor to password protection, or even both, to strengthen access control.

But resistance to innovation in authentication, at least by users of video services, has been confirmed in a recent survey by Dallas based analyst firm Parks Associates. Entitled "Innovations in Authentication and Personalization Technologies," the report found that 16 per cent of broadband households in the US admit to sharing their passwords for their video service accounts with other people, with the real figure quite likely higher than that.

The survey also found that service providers are having a hard time persuading subscribers to adopt more advanced methods of password-free authentication, based either on a second factor such as a one-time passkey generator, or a biometric third factor. Yet this comes at a time when, as the survey reported, consumers are increasingly concerned over fraudsters stealing their data and/or identity, as well as over how hacked data and devices may be abused.

There is also increasing acceptance of additional factors of security around smartphones, including biometrics. Consumers have embraced the second factor of some device they own for online banking, as well as using their smart phones for that factor. Most of these methods though either suffer from integration complexity or implementation weaknesses as far as accessing premium video content is concerned. This has led Google for example to develop two-factor security based on dedicated hardware units serving client devices either via direct USB connection or Bluetooth. Indeed, there has been growing momentum behind such physical key systems that can be used to protect online services of different kinds, with a few dedicated vendors in the field, such as Yubikey and Feitian.

 Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Google weighed in with the launch in July 2018 of its Titan Security Keys based on a standard called FIDO developed to facilitate interoperability among such devices supporting strong authentication. These devices operate much like two-factor authentication systems for smartphones, which typically send a code as a text message to the user for accessing a service, except that these are dedicated just to security. Using text messages is less secure because the codes are vulnerable to interception unless stronger versions are used on smartphones, which is not widely done.

The problem though is that Titan, like any second security factor, is inconvenient to use. Subscribers can only access their service if they have the device on them or available nearby and have to engage in this additional physical manoeuvre. The Parks Associates survey identified that most users were unwilling to embrace such devices and that friction must be reduced.

“To drive adoption of new authentication methods, the industry needs to deliver a frictionless user experience, bringing a more personalized approach to authentication in addition to increased security,” said Billy Nayden, Research Analyst, Parks Associates. “Poor experiences with authentication and personalization technologies will drive consumers back to traditional methods and increase churn for video services.”

Google Titian Security Key

Google Titian Security Key

Google has so far failed to solve the friction problem with Titan and so the solution may lie instead with intelligent monitoring that attempts to identify users whose behaviour is either threatening or puts their account at risk of unauthorized access. The critical point here, as that survey again noted, is that users are willing to engage in additional security measures occasionally so long as they are not compelled to do so every time they gain access.

For this reason, there has been growing interest in, and evaluation of, risk-based authentication(RBA), sometimes referred to as adaptive authentication, for identity verification and access control. This takes account of a range of factors, such as where the user is, what time they gain access, how long they remain logged in, and what systems they are accessing, in order to assess risk. Then when a specified risk threshold is exceeded, the user might be asked to undergo a full two or even three factor authentication process.

However, risk-based authentication could threaten privacy unless carefully implemented, which service providers will have to bear in mind. Such a system though could identify casual sharing of passwords on the basis of user location for example. As it happens, Synamedia, the company bought back from Cisco by equity group Permira Funds in 2018, recently launched a product to exploit such capabilities to tackle casual sharing of passwords. The idea is that the rump of essentially honest consumers can be brought onside and even tapped for additional revenues, by offering services that enhance rather than block sharing of their video service with friends or family.

Let us know what you think…

Log-in or Register for free to post comments…

You might also like...

Building On IP COTS

Transitioning to IP improves flexibility and scalability, both of which are achievable using COTS IT equipment. But can COTS solve every challenge? Or does broadcasting still have some unique and more demanding requirements that need further attention? In this article,…

The Move Towards Next Generation Platforms

Whenever I’m asked about my opinion on the transition to IP, I always state that the impact can’t be appreciated until its history is understood. This brings into context the need for broadcasters to educate and surround themselves wit…

Taming The Virtualized Beast

Without doubt, virtualization is a key technological evolution focus and it will empower many broadcast and media organizations to work differently, more efficiently and more profitably.

Color and Colorimetry – Part 3

The human visual system (HVS) sees color using a set of three overlapping filters, which are extremely broad. As a result, the HVS is completely incapable of performing any precise assessment of an observed spectrum.

Color and Colorimetry – Part 2

At one time the only repeatable source of light on Earth was the sun. Later it was found that if bodies were made hot enough, they would radiate light. Any treatment of illumination has to start with the radiation from…