Accounts are everywhere and the key to everything, whether it's an email account, your online banking, or a login to a production content application. Protecting accounts and the credentials used to access them is crucial in today’s online world. The following are Netflix’s recommendations on how to protect both your work accounts and your personal logins.
- Passphrases - We recommend the use of longer, all-lowercase passphrases made up of several words, rather than the usual 8-character passwords with symbols and such. They’re easier to remember AND stronger... XKCD has a cool comic showing why. Favorite song lyrics, memorable quotes, or just a combo of random words work great. Make sure to never write them down on a post-it!
- Password Reuse - While it’s tempting to reuse passwords or passphrases so you don’t have to remember so many, it's really a bad idea. It allows an attacker who has guessed one credential to try it again on other sites... and with so many breaches and other leaks, it's really common. Make sure to use a unique passphrase for each site.
- Password Managers - Rather than trying to remember dozens or hundreds of passphrases, apps like 1Password and LastPass can save them all in one secure spot. They integrate with your browser to automatically generate passphrases, save them, and even auto-fill when appropriate. Netflix strongly recommends the use of a password manager; remembering 1 passphrase is way easier than 100s!
- Two Factor Authentication - The single best way you can protect your accounts is to add two-factor authentication (sometimes called login verification or 2FA). You probably already have to do this with your banking account; any time you log in from a new device, you’ll either get a text message with a special code or have to approve the login from an app. Even if someone guesses your passphrase, they won’t be able to get in without access to your mobile phone. www.turnon2fa.com has instructions on how to enable this for most sites. Netflix recommends using 2FA wherever possible.
- Account Sharing - Put simply, don’t. Credentials should never be provided to anyone else, including tech support. Sharing accounts substantially increases the risk of unauthorized access. If you do have a need to share an account, please reach out to us first.
- Phishing - The most common way accounts are compromised is phishing, where an attacker sends you an email or text message impersonating another company, like Apple, Netflix, or Gmail. Often they’ll have some sort of urgency, saying you need to log in immediately. The link provided leads to a fake site, and when you log in, it steals your credentials. While phishing emails can be hard to identify, misspellings, odd grammar, and strange fonts are usually signs, as are weird email addresses. As a safeguard, we recommend not clicking on links in email, but rather visiting a site by typing the address into a web browser. If you believe you have clicked on a phishing email and entered your credentials, you should immediately change your password and turn on 2FA.
- Prodicle (Production use only) - When working on a Netflix show, we strongly recommend the use of the Prodicle set of applications whenever possible. Netflix has put in a variety of safeguards and checks to keep the data secure.