Users Resist Tighter Pay TV Security

Video consumers are still reluctant to embrace more secure authentication methods than traditional passwords despite mounting fears over identity theft and intrusion into privacy.

This is vexing for service providers as they struggle to contain piracy while also countering lower level threats to revenue such as casual sharing of passwords among friends and family. Passwords alone, like PINs, rely on just the first factor of security, something the user knows. The second factor exploits something the user has unique to them, such as passkey generator, some plug-in dongle, or their smartphone. The third factor is something the user is, in other words a biometric like a thumb print or iris, which can be scanned, or voice, which can be recognized. Some pay TV operators have been hoping to add either a second or third factor to password protection, or even both, to strengthen access control.

But resistance to innovation in authentication, at least by users of video services, has been confirmed in a recent survey by Dallas based analyst firm Parks Associates. Entitled "Innovations in Authentication and Personalization Technologies," the report found that 16 per cent of broadband households in the US admit to sharing their passwords for their video service accounts with other people, with the real figure quite likely higher than that.

The survey also found that service providers are having a hard time persuading subscribers to adopt more advanced methods of password-free authentication, based either on a second factor such as a one-time passkey generator, or a biometric third factor. Yet this comes at a time when, as the survey reported, consumers are increasingly concerned over fraudsters stealing their data and/or identity, as well as over how hacked data and devices may be abused.

There is also increasing acceptance of additional factors of security around smartphones, including biometrics. Consumers have embraced the second factor of some device they own for online banking, as well as using their smart phones for that factor. Most of these methods though either suffer from integration complexity or implementation weaknesses as far as accessing premium video content is concerned. This has led Google for example to develop two-factor security based on dedicated hardware units serving client devices either via direct USB connection or Bluetooth. Indeed, there has been growing momentum behind such physical key systems that can be used to protect online services of different kinds, with a few dedicated vendors in the field, such as Yubikey and Feitian.

 Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Google weighed in with the launch in July 2018 of its Titan Security Keys based on a standard called FIDO developed to facilitate interoperability among such devices supporting strong authentication. These devices operate much like two-factor authentication systems for smartphones, which typically send a code as a text message to the user for accessing a service, except that these are dedicated just to security. Using text messages is less secure because the codes are vulnerable to interception unless stronger versions are used on smartphones, which is not widely done.

The problem though is that Titan, like any second security factor, is inconvenient to use. Subscribers can only access their service if they have the device on them or available nearby and have to engage in this additional physical manoeuvre. The Parks Associates survey identified that most users were unwilling to embrace such devices and that friction must be reduced.

“To drive adoption of new authentication methods, the industry needs to deliver a frictionless user experience, bringing a more personalized approach to authentication in addition to increased security,” said Billy Nayden, Research Analyst, Parks Associates. “Poor experiences with authentication and personalization technologies will drive consumers back to traditional methods and increase churn for video services.”

Google Titian Security Key

Google Titian Security Key

Google has so far failed to solve the friction problem with Titan and so the solution may lie instead with intelligent monitoring that attempts to identify users whose behaviour is either threatening or puts their account at risk of unauthorized access. The critical point here, as that survey again noted, is that users are willing to engage in additional security measures occasionally so long as they are not compelled to do so every time they gain access.

For this reason, there has been growing interest in, and evaluation of, risk-based authentication(RBA), sometimes referred to as adaptive authentication, for identity verification and access control. This takes account of a range of factors, such as where the user is, what time they gain access, how long they remain logged in, and what systems they are accessing, in order to assess risk. Then when a specified risk threshold is exceeded, the user might be asked to undergo a full two or even three factor authentication process.

However, risk-based authentication could threaten privacy unless carefully implemented, which service providers will have to bear in mind. Such a system though could identify casual sharing of passwords on the basis of user location for example. As it happens, Synamedia, the company bought back from Cisco by equity group Permira Funds in 2018, recently launched a product to exploit such capabilities to tackle casual sharing of passwords. The idea is that the rump of essentially honest consumers can be brought onside and even tapped for additional revenues, by offering services that enhance rather than block sharing of their video service with friends or family.

You might also like...

NAB Show 2024 BEIT Sessions Part 2: New Broadcast Technologies

The most tightly focused and fresh technical information for TV engineers at the NAB Show will be analyzed, discussed, and explained during the four days of BEIT sessions. It’s the best opportunity on Earth to learn from and question i…

Standards: Part 6 - About The ISO 14496 – MPEG-4 Standard

This article describes the various parts of the MPEG-4 standard and discusses how it is much more than a video codec. MPEG-4 describes a sophisticated interactive multimedia platform for deployment on digital TV and the Internet.

The Big Guide To OTT: Part 9 - Quality Of Experience (QoE)

Part 9 of The Big Guide To OTT features a pair of in-depth articles which discuss how a data driven understanding of the consumer experience is vital and how poor quality streaming loses viewers.

Chris Brown Discusses The Themes Of The 2024 NAB Show

The Broadcast Bridge sat down with Chris Brown, executive vice president and managing director, NAB Global Connections and Events to discuss this year’s gathering April 13-17 (show floor open April 14-17) and how the industry looks to the show e…

5G Broadcast: Part 6 - Technical Dive Into 5G Broadcast & New 3GPP Standards

Standards bodies and mobile technology developers are putting the finishing touches to 5G Multicast and Broadcast. These include enabling seamless switching between unicast and multicast, and equally transparent roaming for users as they move between mobile cells. There is also…