Skip to main content

Synacor Cracks Down on Password Abuse

Synacor says it’s taking aim at video subscription password abuse with Forever Login, a new upgrade and feature for its Cloud ID authentication system that, it claims, will hold benefits for MVPDs as well as pay TV subscribers.

On the MVPD end of it, this enables them to maintain control of the number of concurrent devices are allowed to be signed into authenticated TV Everywhere services as well as the length of time before viewers need to log in. That latter part, length of time, could be set in perpetuity so long as a trusted linkage has been established between a device and the TVE application/service. The same could also be applied to virtual MVPDs that require customers to enter their credentials to access their subscription service.

On the other side of the service ledger, consumers have the ability to register trusted devices, such as tablets, smartphones, smart TVs and TV-connected devices, as part of an operator’s TVE sign-in process. Once that level of trust is established, it’s possible for the consumer to access TVE content without having to reenter their passwords, whether they are viewing that content in or out of the home.

Consider it a step beyond automated in-home TVE authentication that established trust when the consumer had a device connected to the home network. Many Synacor TVE authentication customers wanted to offer a similar process that eliminated the need for pay TV subscribers from constantly having to reenter their credentials while they were outside the home as well, John Kavanagh, executive director of identity services at Synacor, said.

“They wanted to deliver the same user experience benefit…and we brought the trust along with it with device registration,” Kavanagh said. “The end-user experience of home-based authentication really set a high bar. They wanted to take that high bar and extend it elsewhere.”

Synacor said Forever Login can be paired with its Single Sign-On technology, which lets users log in across multiple apps.

It’s starting to introduce the new feature to a subset of its current customers, with Service Electric Cablevision the first to be identified. Other Synacor customers include Sling TV, PlayStation Vue, AT&T, HBO, WideOpenWest, Armstrong Cable, Atlantic Broadband, CenturyLink Cable One, Cincinnati Bell, Mediacom Communications, Verizon, GCI, Hotwire, Charter Communications, Windstream, and Grande Communications, among others.

RELATED: Synacor Shares Fall on Slow Revenue Ramp from AT&T Deal

Password sharing among friends and family has been a concern that’s been aired publicly by MVPDs such as Charter. 

A recent study from Hub Research and CTAM that tracks the TV Everywhere market shed some light on password sharing with friends and family. The survey, based on 3,491 MVPD subs 18-74 who watch at least five hours of TV per week, found that 28% said password sharing with a friend of a family member or a friend of theirs is permitted, and 33% said password sharing is permitted for a family member who lives outside their household permanently. 

However, the greater concern are “commercial-level” illegal activities and dark markets that buy, sell and exploit those credentials, Kavanagh explained.

Device-level trust adds another layer of security for MVPDs while also making the sign-in process an easier one for consumers, while also providing more transparency to both.

“Once we’re able to register that device securely as part of the sign-in flow, we then connect that with a complete list of devices that have been used with a given subscription, Kavanagh said. “We not only expose that master list to the end user for their own benefit on things that might be suspicious, but on the operator side, it gives them a depth of awareness they haven't had before. It allows them to have a fine instrument to enforce their business rules and security policies."

If there does appear to be suspicious activity occurring on a device, or there’s fear that a password was stolen, consumers also have a self-care capability whereby they can monitor usage and even remotely log off a device or terminate a device’s connection to the subscription service.