Users Resist Tighter Pay TV Security

Video consumers are still reluctant to embrace more secure authentication methods than traditional passwords despite mounting fears over identity theft and intrusion into privacy.

This is vexing for service providers as they struggle to contain piracy while also countering lower level threats to revenue such as casual sharing of passwords among friends and family. Passwords alone, like PINs, rely on just the first factor of security, something the user knows. The second factor exploits something the user has unique to them, such as passkey generator, some plug-in dongle, or their smartphone. The third factor is something the user is, in other words a biometric like a thumb print or iris, which can be scanned, or voice, which can be recognized. Some pay TV operators have been hoping to add either a second or third factor to password protection, or even both, to strengthen access control.

But resistance to innovation in authentication, at least by users of video services, has been confirmed in a recent survey by Dallas based analyst firm Parks Associates. Entitled "Innovations in Authentication and Personalization Technologies," the report found that 16 per cent of broadband households in the US admit to sharing their passwords for their video service accounts with other people, with the real figure quite likely higher than that.

The survey also found that service providers are having a hard time persuading subscribers to adopt more advanced methods of password-free authentication, based either on a second factor such as a one-time passkey generator, or a biometric third factor. Yet this comes at a time when, as the survey reported, consumers are increasingly concerned over fraudsters stealing their data and/or identity, as well as over how hacked data and devices may be abused.

There is also increasing acceptance of additional factors of security around smartphones, including biometrics. Consumers have embraced the second factor of some device they own for online banking, as well as using their smart phones for that factor. Most of these methods though either suffer from integration complexity or implementation weaknesses as far as accessing premium video content is concerned. This has led Google for example to develop two-factor security based on dedicated hardware units serving client devices either via direct USB connection or Bluetooth. Indeed, there has been growing momentum behind such physical key systems that can be used to protect online services of different kinds, with a few dedicated vendors in the field, such as Yubikey and Feitian.

 Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Abe Peled is chairman of Synamedia, which advocates innovative business models to cut down password sharing.

Google weighed in with the launch in July 2018 of its Titan Security Keys based on a standard called FIDO developed to facilitate interoperability among such devices supporting strong authentication. These devices operate much like two-factor authentication systems for smartphones, which typically send a code as a text message to the user for accessing a service, except that these are dedicated just to security. Using text messages is less secure because the codes are vulnerable to interception unless stronger versions are used on smartphones, which is not widely done.

The problem though is that Titan, like any second security factor, is inconvenient to use. Subscribers can only access their service if they have the device on them or available nearby and have to engage in this additional physical manoeuvre. The Parks Associates survey identified that most users were unwilling to embrace such devices and that friction must be reduced.

“To drive adoption of new authentication methods, the industry needs to deliver a frictionless user experience, bringing a more personalized approach to authentication in addition to increased security,” said Billy Nayden, Research Analyst, Parks Associates. “Poor experiences with authentication and personalization technologies will drive consumers back to traditional methods and increase churn for video services.”

Google Titian Security Key

Google Titian Security Key

Google has so far failed to solve the friction problem with Titan and so the solution may lie instead with intelligent monitoring that attempts to identify users whose behaviour is either threatening or puts their account at risk of unauthorized access. The critical point here, as that survey again noted, is that users are willing to engage in additional security measures occasionally so long as they are not compelled to do so every time they gain access.

For this reason, there has been growing interest in, and evaluation of, risk-based authentication(RBA), sometimes referred to as adaptive authentication, for identity verification and access control. This takes account of a range of factors, such as where the user is, what time they gain access, how long they remain logged in, and what systems they are accessing, in order to assess risk. Then when a specified risk threshold is exceeded, the user might be asked to undergo a full two or even three factor authentication process.

However, risk-based authentication could threaten privacy unless carefully implemented, which service providers will have to bear in mind. Such a system though could identify casual sharing of passwords on the basis of user location for example. As it happens, Synamedia, the company bought back from Cisco by equity group Permira Funds in 2018, recently launched a product to exploit such capabilities to tackle casual sharing of passwords. The idea is that the rump of essentially honest consumers can be brought onside and even tapped for additional revenues, by offering services that enhance rather than block sharing of their video service with friends or family.

Let us know what you think…

Log-in or Register for free to post comments…

You might also like...

The Proven Essentials to Ensure an Effective UI

Innovation in the media and entertainment industry is at an all-time high with devices, backend technologies, operating systems and consumer behaviors constantly evolving. A key element of this evolution is how viewers see, experience, navigate and consume the content they…

Verimatrix Looks for Content Security Converts on Back of AWS API Integration

Verimatrix is seeking to win major customers in broadcasting and pay TV on the back of API integration of its MultiRights OTT multi-DRM with Amazon Web Services (AWS). As AWS continues its strong advance into video services by claiming some…

DPP - The Live Explosion

Away from traditional broadcasting a revolution is happening. Live internet streaming is taking the world by storm with unprecedented viewing figures and improved accessibility for brands looking to reach better targeted audiences. The Live Explosion, hosted by the DPP in…

EBU Teams Up With Digital Production Partnership Over Mastering and Security

The EBU (European Broadcasting Union) has struck a partnership with the Digital Production Partnership Ltd (DPP), a UK based business change network, to promote open standards for interoperability between all components of the video cycle as the industry continues its…

Samsung Gains First Pay TV Customer for Smart TV Security Dongle

Samsung has announced Germany’s HD+ satellite service as the first customer for the TVkey security USB dongle developed in partnership with content protection technology vendor Nagra. The dongle works in conjunction with a chip in Samsung’s latest smart TVs…