Netflix login issues
September 6, 2016 8:39 AM   Subscribe

I've been getting messages from Netflix every month or so stating that they have seen suspicious activity on my account, and I need to change my password. I use strong passwords (12 characters, generated by a password manager). Usually, I see no suspicious activity on my account, but this weekend there did seem to be access from somebody other than my family, and no message from Netflix this time. Is there anything more I can do to secure my Netflix account?

Netflix has forced me to change my password four times since July 17. Once, on July 19, there did appear to be unauthorized access from a PS3 in California, then again this weekend, there appeared to be unauthorized access from a Bluray player in Michigan (I'm in Pennsylvania).

Once, I changed my email address on the account, and every other time I've changed the password with the PasswordSafe password manager (completely random 12 character password with special characters). I've spoken to Netflix representatives twice, and the only advice that one of them gave me is that if this happened again that I should cancel my account entirely and start again.

Has this happened to anybody else? Is there anything I can do to improve security on Netflix?
posted by dforemsky to Computers & Internet (7 answers total)
Yes, something like this has happened to me. I didn't get more than one notice from Netflix to change my password, but I was certain that other people were accessing the account over a length of time. For a while, I was lax about addressing it because I assumed it was an ex or something.

What finally solved it was making sure not only to change my password, but 'sign out of all devices'. When you use Netflix on a PS3 or Bluray player or Roku or even an iPad you don't usually have to type in the password because you've 'authorized' it once, so deauthorizing everything should do the trick.
posted by destructive cactus at 8:51 AM on September 6, 2016 [10 favorites]

I believe Netflix now allows much longer passwords than it used to. If you're using a password manager anyway, there's no good reason to stay as short as 12 characters.

For passwords that equipment limitations dictate must be entered by hand rather than pasted from my password manager, I like to use five groups of five lowercase letters separated by dots, like hqkna.bendc.hhboc.nweff.igquw - these are easy enough to transcribe accurately while being more than long enough to remain uncrackable for the foreseeable future.
posted by flabdablet at 9:35 AM on September 6, 2016 [1 favorite]

Are you sure those messages really came from Netflix?

I've been receiving messages like that recently from big banks telling me to change my password. Thing is, I don't have an account with those banks, and the link to change it actually goes to a seedy server in Ukraine.
posted by Chocolate Pickle at 10:27 AM on September 6, 2016 [5 favorites]

I've always checked the box to log out of all devices when changing the password. One of the call center employees said that she logged me out, too. I wonder if the implementations on different devices have bugs that would bypass this? Hopefully not.

The unauthorized viewing has only occurred on my wife's profile. She rarely uses Netflix, so that may be why.

I like the idea of breaking up the password into subgroups. That will definitely make entering the password on Roku (and Tivo and PS3) much easier.
posted by dforemsky at 11:07 AM on September 6, 2016

But that's the thing, you don't need to enter the passwords on those devices; you activate them via a web browser on a computer, and that's how this is happening (I suspect).
posted by destructive cactus at 12:17 PM on September 6, 2016

It may be that one of your computers has been hacked with a keylogger. Statistically, it's likely to be a Windows desktop PC, but it could be a Mac as well. You change the Netflix password, login on that device and the hacker gets your password again as you type it in.

I would run an offline virus scanner on your PCs if you have Windows. Not sure what to do if you have a Mac, but definitely update it to the latest version. If you're running a Mac that can't be updated, I would recommend against continuing that practice.
posted by cnc at 1:19 PM on September 6, 2016 [1 favorite]

It may be that one of your computers has been hacked with a keylogger.

That's certainly possible, though I'd rate Chocolate Pickle's phishing hypothesis as much more likely to be correct than this one.
posted by flabdablet at 10:38 PM on September 6, 2016

« Older Must I respond to a police "welfare check?"   |   story from the 70's or 80's about the Jerry Lewis... Newer »
This thread is closed to new comments.