Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Businesses Television IT Entertainment

Netflix, HBO and Cable Giants Are Exploring New Ways Such as Authentication Using Fingerprints To Crack Down on Password Sharing (bloomberg.com) 116

A coalition that includes Netflix, HBO and cable-industry titans is stepping up efforts to crack down on password sharing, discussing new measures to close a loophole that could be costing companies billions of dollars in lost revenue each year, Bloomberg reported Friday. From the report: Programmers and cable-TV distributors are considering an array of tactics to cut off people who borrow credentials from friends and relatives to access programming without paying for it. The possible measures include requiring customers to change their passwords periodically or texting codes to subscribers' phones that they would need to enter to keep watching, according to people familiar with the matter. Some TV executives want to create rules governing which devices can be used to access a cable-TV subscription outside the home. While someone logging in from a phone or tablet would be fine, someone using a Roku device at a second location could be considered a likely freeloader, one person said. If none of those tactics work, pay-TV subscribers could someday be required to sign into their accounts using their thumbprints.
This discussion has been archived. No new comments can be posted.

Netflix, HBO and Cable Giants Are Exploring New Ways Such as Authentication Using Fingerprints To Crack Down on Password Sharing

Comments Filter:
  • Yeah, no (Score:5, Insightful)

    by kalpol ( 714519 ) on Friday November 08, 2019 @01:08PM (#59394816)
    If you make me use my thumbprint to access my TV, I'm gonna watch something else. I can understand not sharing passwords, but you have to look at your use cases here. Let people have a few one-time-passes a month to send their friends, good for a viewing. Just authorize the device instead. Lots of ways they can avoid shooting themselves in the bum over account sharing.
    • by Anonymous Coward

      It is incredible the lengths they are going to when the answer is so obvious. Just offer plans for amount of simultaneous logins. If a subscriber is on a plan for 3 simultaneous logins and at some point a fourth tries to login, just deny that attempt.

      • Netflix does that already you can pay less if you only want one device streaming at a time

        Just enforce that and expand it. One device, 2 etc. Watch those secondary accounts disappear.

        Also you need to upgrade UI to allow logouts easier. My sister had my Amazon prime account on her tv for years because I logged in once and couldn't figure out how to logout.

      • ^^ THIS!

        Charge an extra $1/login with a family plan of max 5 simultaneous logins or something like that.

        It isn't fucking rocket science -- they have known about this for YEARS.

      • Almost, if you want to make it right, you accept the third (well, first over Max allowed) login and kick off the first, etc. This way, people who share their passwords with lots of others will be inconvenienced, but always able to get back into viewing. And they'll be motivated to change their password and not spread it around as much.
        • Yeah, This is theone I was thinking off too. Also a nice clue if someone gets your password when you keep getting knocked off with an error message about another logon....

    • Re:Yeah, no (Score:4, Insightful)

      by cayenne8 ( 626475 ) on Friday November 08, 2019 @02:17PM (#59395134) Homepage Journal
      If I have to start giving biometric info just to watch some streaming TV, I'll just start reading more books again, and use my OTA TV antenna when I"m between good books.

      Fsck that...

    • Re:Yeah, no (Score:5, Interesting)

      by Guybrush_T ( 980074 ) on Friday November 08, 2019 @03:02PM (#59395344)

      Don't get overexcited on the "thumbprint" idiotic idea that "one person" mentioned "could" be needed "someday". That was never the idea. Fingerprint meant : device + IP fingerprint, not an actual finger.

      • My guess is that they want to allow a device "fingerprinted" as a mobile phone to connect from anywhere but block rokus from multiple locations.
      • If so, we have language for that ("ip address") which is much clearer than what was used ("fingerprint"). They'd be well-advised to get their terms very clear. I'm considering disengaging their services just on the possibility that they may have let the ambiguity ride to "test out" public reaction.

        • If so, we have language for that ("ip address") which is much clearer than what was used ("fingerprint").

          A device fingerprint is a lot more than just an IP address.

        • If so, we have language for that ("ip address"

          Sorry, can't do that. As has been repeatedly stated on here, an IP address does not link someone to a device. Unless you're now saying it can be linked to a specific device and person in which case all those court cases where the RIAA says person X was illegally redistributing their work are now true.

    • Thats what you said when netflix dumped 80% of it's library and switched to streaming only.
          - you stayed.

      That's what you said when they jacked their price up again, and again, and again.
          - you stayed, you stayed, you stayed.

      They aren't shooting themselves in the bum - they are shooting you in the bum and you continue to take it.

    • thats what they meant by fingerprint. ip address plus device. with would mean a email every time your ip changed.
  • by Rashkae ( 59673 ) on Friday November 08, 2019 @01:12PM (#59394826) Homepage

    I would think simply allowing only 1 concurrent session, (or only 1 concurrent ip with up to x number of simultaneous devices.) would be way better than any of these proposals.

    In any case, worrying about this at a time when the proliferation of 'exclusive' content has returned piracy to the top of the value chain is kind of like re-arranging the chairs on the titanic.

    • by whoever57 ( 658626 ) on Friday November 08, 2019 @01:20PM (#59394852) Journal

      I would think simply allowing only 1 concurrent session, (or only 1 concurrent ip with up to x number of simultaneous devices.) would be way better than any of these proposals.

      I pay extra for my Netflix subscription to allow multiple simultaneous streams. Do you think that I (and presumably millions of others) are going to continue paying extra if I can't actually use the simultaneous streams?

      This is all BS. Netflix knows that cracking down on password sharing is a losing proposition. Netflix is just doing this for show, for the benefit of copyright holders.

      • by Kjella ( 173770 )

        I pay extra for my Netflix subscription to allow multiple simultaneous streams. Do you think that I (and presumably millions of others) are going to continue paying extra if I can't actually use the simultaneous streams?

        You see it as one customer paying extra, they probably see it as several customers getting a group discount. It's not like there's one family TV in the living room with everyone fighting over the remote anymore. If you're watching your own thing, on your own schedule on your own device you're practically independent customers even if you happen to live under the same roof. If they said sorry, one stream per subscription would you really like to go back to passing control around? Particularly if they added a

    • by shipofgold ( 911683 ) on Friday November 08, 2019 @01:31PM (#59394928)

      Netflix already has tiers where you get 2 or 4 simultaneous steams. I pay for 4 streams and I should get 4 streams.

      If they attempt to enforce 'who' is watching any of my 4 streams, they will have 1 less customer.

      The streaming services are already trying to extract more payments by divvying up the films/tv across multiple services...NOPE I won't subscribe to more than 2 services simultaneously.

      • I was going to say doesn't the concurrent stream limitation already take care of that? I mean if Netflix suddenly started doing something like that I would just cut my service back from the 4 to 2 streams and my son who occasionally uses it but isn't interested enough to actually pay for it wouldn't sign up.

      • by jythie ( 914043 )
        This. People are not cheating them or depriving them of customers, people are using the feature they are paying for.
      • Netflix already has tiers where you get 2 or 4 simultaneous steams.

        Not only do they do that but they also support multiple profiles on the same account so that each member of my family has their own profile within our account. How exactly do they envision someone with a multiple stream account and multiple profiles on that account is going to use it without sharing the password with other members of their family?

    • Agreed! I continue to hold on to cable because I get tired of constantly having to enter credentials on my ROKU box to enable a stream from all of the various content providers. Also, who can afford to subscribe to all of the different streaming options coming along? There will be diminishing returns if they ramp up security too much on these things.
    • no shit, considering my netflix plan already is only 1 concurrent session, and they have a 'Profiles" feature for literally sharing the account.
    • Easier would be to require two-factor authentication for your login. People willing to share passwords are going to be less likely to have to stick around to actually send over the two-factor code. If the two-factor has to be renewed every six months or so for everything except your most heavily used device, that's going to clip a lot of wings.
  • Well (Score:3, Insightful)

    by RickyShade ( 5419186 ) on Friday November 08, 2019 @01:15PM (#59394832)

    Lately I've been realizing that I spend way too much time sitting in front of my TV. I spend almost all my free time doing that. I don't go out, I don't exercise, I don't do anything with my life anymore. I am addicted to a multitude of TV shows and it is having a negative effect on my life. And I'm realizing that watching all these TV shows isn't enriching my life in any way whatsoever. I don't talk about these TV shows with anyone, I don't use them for inspiration, not even small talk at work. Nothing. It's just mindless entertainment that I lazily intake while I waste away. Maybe I should do something else with my free time. Maybe I should get back out into the world. Maybe you'll push me to do that, as you become more draconian with your policies of greed.

    • by zidium ( 2550286 )

      What are the TV shows?

    • If you find exercise easier than simply pirating, then you are definitely on the wrong site.
    • Lately I've been realizing that I spend way too much time sitting in front of my TV. I spend almost all my free time doing that. I don't go out, I don't exercise, I don't do anything with my life anymore. I am addicted to a multitude of TV shows and it is having a negative effect on my life.

      I hope you're joking. I think most of us realize by the time we're about 35 that TV shows are just the same thing over and over. I can't imagine anyone would really enjoy sitting around watching the same crap for decades. Would they? Surely people must have other interests.

    • by Pascoea ( 968200 )
      I didn't realize my daughter's boyfriend posted on Slashdot.

      not even small talk at work

      Oh, never mind, he doesn't have a job. This can't be him.

  • Roku? (Score:4, Interesting)

    by Kazymyr ( 190114 ) on Friday November 08, 2019 @01:17PM (#59394836) Journal

    How would you use a fingerprint on a Roku?

    • How would you use a fingerprint on a Roku?

      Even if you could, wouldn't that imply that they want to license streaming content per-person? Fucking ridiculous.

      I'm not paying for streaming for every person in the house, because they'd all need their fingerprints registered to use the damn TV.

    • by Pascoea ( 968200 )
      It's not a huge technical leap. Either use the fingerprint reader that's on a lot of smartphones, or just put a fingerprint reader on the remote. I'm not saying I support the idea, I'm just saying that it's not a giant technical hurdle.
      • How are they going to put a fingerprint reader on my LG TV's remote and my android box? Or are you proposing that Netflix reduce their clientele down to people who go out of their way to procure the correct hardware? That would decimate their target demographic.
        • by Pascoea ( 968200 )

          Well...the title of this particular post is "Roku", which ships with a remote that they provide. But on this completely new topic of "other hardware" the smartphone part of my answer still applies. And then these other hardware manufacturers could also introduce fingerprint sensors on their devices. As far as decimating their target demographic, completely agree. IF they choose to go down this route, I imagine it would occur slowly over a period of time, using other forms of validation until the fingerp

    • How would you use a fingerprint on a Roku?

      How would you use a fingerprint with no fingers? This is very discriminatory against fingerless people!

  • by chill ( 34294 ) on Friday November 08, 2019 @01:17PM (#59394840) Journal

    The media industry seems to think that every pirated copy or unauthorized viewing represents lost revenue. It doesn't. If they came up with perfectly uncrackable DRM that prevented any form of unapproved consumption, they would rapidly discover that much of the unpaid for consumption would simply vanish. It wouldn't convert to paid customers, people would just do without.

    The next step would be when they find that they lose a lot of the buzz they get from wide viewership.

    • Honestly, if I had no choice but to go rent every movie that I want to watch, I'd do it. But, the shit's free, so...

    • Exactly! They minds are so clouded from capitalistic greed that they can't even evaluate a simple issue like password sharing with rational thinking.

      Imagine if car manufacturers claimed that friends/family borrowing cars is costing them "billions" and implemented fingerprint authentication to start cars!

    • by mark-t ( 151149 )

      It wouldn't convert to paid customers, people would just do without.

      I think the point is that they are entirely okay with that. At the very least, consumption of content would truly reflect the legally authorized demand, and not be artificially inflated by the presence of unauthorized viewing.

  • by H_Fisher ( 808597 ) <[h_v_fisher] [at] [yahoo.com]> on Friday November 08, 2019 @01:20PM (#59394854)

    TFA says Netflix, HBO, et al. want "to close a loophole that could be costing companies billions of dollars in lost revenue each year" -- with no realization that the lost-sale fallacy can apply to subscription services as well.

    Looks like we're about to see the whole, stupid, time- and money-wasting cycle of playing Whack-a-Mole with "streaming pirates" happen all over again. I can't wait for the patronizing attempts to reframe the debate ... "You Wouldn't Share a Netflix Password." [wikipedia.org]

  • by jabberw0k ( 62554 ) on Friday November 08, 2019 @01:21PM (#59394858) Homepage Journal
    To make that work, you would have to ensure the integrity of each thumbprint-reader before each use. Unless someone can invent a locked-down, tamper-proof, fool-proof thumbprint reader, and a matching tamper-proof spoof-proof algorithm for it, this will require a security officer to stop by your house before each use. Seems totally workable!
    • It doesn't have to be fool proof. It has to be casual user proof, and that's a solved problem. See iphones, etc.

    • by G00F ( 241765 )

      Software thumbprint readers like we have software cd/dvd roms, you know, to get around the DRM of need to have a CD/DVD in drive to play games.

      There are easier ways to do wha tthey want to do. You know like noticing users logging in via diff IP's that are geo located to different areas.

      Oh, and their phone text prompt is easier to get around by sharing/forwarding text messages. We already have this automatically with google voice....

  • by userw014 ( 707413 ) on Friday November 08, 2019 @01:22PM (#59394870) Homepage

    I barely watch these services as it is. If a service starts interrupting my viewing of something, I drop the service. I tried to watch CBS All Access for the new Star Trek series - but the advertisements were so foul that I dropped CBS and won't be going back. Ever.

    I do have a Netflix subscription (that's the ONE I barely watch.) I justify it as supporting my children. But if they make it unwatchable to me, I'll drop it.

    I know I'm a bit extreme - but over the course of my life, people have been adopting my perspective more and more. These services are replaceable commodities.

    And just think of what Disney's movie distribution model was for decades - they'd bring out their "classics" rarely. People got used to NOT seeing them. That can happen again.

    • I do have a Netflix subscription (that's the ONE I barely watch.) I justify it as supporting my children.

      Surely there are better ways to support your children.

  • by Comboman ( 895500 ) on Friday November 08, 2019 @01:24PM (#59394876)
    Apparently, they have learned nothing from the video game industry. Consumers will not tolerate intrusive (i.e. non-transparent) protection schemes. The first time I have to type in a code from my phone to continue watching TV will be the last time I ever watch Netflix. Back to piracy (or DVDs).
  • by Anonymous Coward
    You can't have a consumer-driven economy when consumers don't have any disposable income [imgur.com].
  • by Holi ( 250190 ) on Friday November 08, 2019 @01:28PM (#59394904)
    I'll just go back to BitTorrent.
    • Exactly - BItTorrent doesn't give a crap who I am. Byeeee!
    • I'll just go back to BitTorrent.

      Netflix convinced me to avoid bittorrent. They made it easy to watch a lot of pretty good stuff without ads, except the annoying dahduuumm sound that accompanies their logo at the start of each show, which I can tolerate.

      They don't have everything, and that's the big problem. Worse is they're losing content. For example, Disney is pulling their catalog to start their own service (and nothing of value was lost). Better Call Saul is on Stan. I got into The Expanse on Netflix and now it's moved to Prime. Peo

  • close a loophole that could be costing companies billions of dollars in lost revenue each year

    Lost revenue? They are assuming that everyone who uses a friends/families credentials would actually pay for the service.

    Second thing, its pretty easy to fool most finger print readers these days. Even the high end ones can be fooled with a warmed up gummy bear impression of a finger print.

    Third, part of the appeal of a Roku is that it is small enough to take on vacation with you and plug it in at the hotel to watch tv. So how do you know it isn't me watching from different locations?

  • "Lost" revenue? Interesting turn of phrase. Can a company really "lose" revenue that it never earned in the first place?

    • Well, you have to figure SOME percentage of the freeloaders would sign up if they couldn't get it for, so that unknown percentage could be considered lost. Technically, Netflix delivered a service so they DID earn it.

  • discussing new measures to close a loophole that could be costing companies billions of dollars in lost revenue each year

    That calculation rests on the faulty assumption that if Bob can't use Alice's password to watch Netflix he will sign up for Netflix on his own.

  • ... and not only will I never auth biometrically, just their considering the option has me thinking in terms of scaling down purchases from anybody involved in this assinine idea. I knew how to have fun on a Tuesday night well before Netflix came along and began branding "chill".

    • I couldn't agree more. I've been a happy Netflix subscriber for many years. Raising prices a couple bucks? I don't care. Movie X is gone? I don't care. It's a cheap service, and I get more enjoyment than the small price it costs me. I also don't share my passwords for anything with anybody.

      But I gotta say, the day I have to hand over fingerprints to Netflix is the day I cancel without the slightest regret. There's a line, and that's WAY over it.

  • by rsilvergun ( 571051 ) on Friday November 08, 2019 @01:44PM (#59394996)
    I'll stop paying all together. So go ahead and try it. I've got books, video games, YouTube, /. and reddit and a dozen other nonsensical things to keep me occupied. And if all else fails I can go back to DVD/Blu Ray. I don't need you. I tolerate you because you're cheap and convenient. Take that away and you and me are done.
  • Obvious greed at the cost of customer convenience does not work period. We will quit using your already overpriced service faster than the speed of light if you make it inconvenient to try and boost your revenue.
  • by Miamicanes ( 730264 ) on Friday November 08, 2019 @01:53PM (#59395058)

    There's no need to torment legitimate users with authentication annoyance. Just limit the number of concurrent streams.

    Cheapest plan: one stream. Attempting to launch a second stream auto-boots the first one. If you share an account with a friend, you'll probably annoy each other enough for the one paying to stop sharing.

    2-stream plan: 133% of cheapest plan. As a bonus, an additional stream is allowed as long as it shares the same IPv4 /31 or IPv6 /64 network.

    family plan: 150% of cheapest plan. 2 streams from any IP, plus unlimited streams from the same IPv4/31 or IPv6/64 network. Additional streams are 40% cheapest plan, with a maximum of 6.

    If two friends split a family plan, the service loses little, because it's only paying to process a single monthly fee.

    If I pay $15/month for a family plan & charge 10 friends $8/month apiece to get extra streams added, well, great... I'm now a guerrilla wholesale reseller, responsible for dealing with my own "customer service" headaches. Beyond 1 or 2 friends, or really if ANY semi-strangers were involved, the scheme would fall apart after a few months anyway when somebody sharing the account cheated & tried using more than one stream during peak viewing times & everybody else kept getting knocked off round-robin style. Our enterprising guerrilla wholesale reseller would either have to watch people drop out in frustration, or would have to buy additional streams & hope the freeloading problem didn't get worse... and if he charged more, it certainly WOULD. As the pool of users increased & monthly share of the cost increased, trustworthiness within it would decrease until it wasn't *worth* the hassle of joining a shared pool just to save a few dollars per month.

    It's no different than mobile phone family plans that share a data pool. Sure, you could join a 4-person "family"... but with no ability to limit data use per phone, one single pool member could get everyone else throttled until everyone else got fed up.

    The key to keeping shared accounts profitable is to maximize opportunities for Tragedy of the Commons to rear its ugly head. If two people sharing a 1-stream account rarely get in each other's way, chances are that one or both would have cancelled the subscription *anyway* due to high cost and limited perceived value due to infrequent use.

    The whole reason people use their PARENTS' cable logins is because until recently, the only way to GET access to a channel's stream was to subscribe to an expensive cable TV package whose monthly fee VASTLY exceeded the value of a channel or two. Now that OTT streaming packages have proliferated, it's not as big of a motivation anymore.

    My guess is that the pressure isn't on Netflix or Hulu... or even HBO. It's on the cable companies THEMSELVES who are desperate to preserve their outrageously expensive "take it or leave it" business model, in conjunction with their historical fetish for charging by the outlet/box.

  • Should be ... exploring ways to make it harder for legitimate customers to use their service, to push them towards piracy

  • What netflix doesn't understand is roku's don't have fingerprint readers. So what they would end up doing is using an app to authenticate, this would not stop VPN's either.

    • by bn-7bc ( 909819 )
      I foubt they mean fingerprint in the biometric semce, rarher a device fingerprint, ei mac address and posdibly cpu id
  • Or they could offer family plans like Apple does.....Apple Music works so well with that.

  • FBI: We hear you have a massive collection of fingerprint data. Here's a court order allowing us to search the whole thing.
    HBO: Come on in!

  • by sjames ( 1099 )

    Hey babe you wanna Netflix and chill.

    Just a sec, I have to give it my fingerprints.

    [RING, RING], "Hello", "What was the name of my best friend's sister's second favorite pet?..."

    Just another minute babe, gotta give 'em a DNA swab...

    Babe? Where you going??!!

  • I have had to cancel certain over the top TV services and switch to others for a simple fact, our household watches our subscriptions in 2 different locations 45 minutes apart all the time. If I'm north of my home in San Diego I watch television on my boat over my hotspot in Dana Point, meanwhile my wife is at home watching it on our home TV. Its been nothing but problems having this simple scenario work. I pay for 2 streams, I have 2 locations where I watch television. One in the San Diego TV market an
  • hope it is just talk and it stays that way. I pay for my services but start making it a pain to login and it would be bye-bye. just too many places online where I can watch the same thing without the inconvenience.

  • I've seen this before with streaming services. Both Hulu and Netflix for a long time would not work on Linux for years.

  • When another party requires me to authenticate myself using my fingerprints, does it mean that I have to send them my fingerprints? Or do the third party trust the fingerprint reader's manufacturer, and my fingerprints will only be kept inside of the fingerprint reader's storage? I'm asking because I wouldn't give my fingerprints to any third party, let alone for a silly purpose such as watching TV shows.
    • Who cares what they claim, are you going to trust them?

    • by AHuxley ( 892839 )
      Re "does it mean that I have to send them my fingerprints? "
      Depends on the how and who the brand will trust..
      First settings needed for a new account? The person entering the CC and doing the set up is asked for a fingerprint.
      That gets the data needed as part of a new account.
      The box, tv remote reader is then sent out to every user? Do they trust some OS brand and computer hardware... to read the print data in?
      Do they trust any random third party reader on a laptop, smartphone, crypto?
      So they make
  • These people already aren't considering becoming customers. All you'll do is drive away existing customers.
  • by enjar ( 249223 ) on Friday November 08, 2019 @03:10PM (#59395384) Homepage

    I remember when I was a kid in the 80's seeing some group destroying their televisions and thought they were just plain weird. I saw "Kill Your TV" bumper stickers and thought "those people seem a little nutty". I must admit as time keeps going on and these kinds of schemes keep getting cooked up it seems like a better and better idea.

  • what next facial recognition to watch TV? I want my dumb TV back!
  • Especially if you have a willing participant like a family member who wants to share their account with you ... https://fortune.com/2016/02/24... [fortune.com]
  • I'm going to guess that everyone on here knows at least one person who is mooching their streaming service from a non immediate relative. This is why we can't have nice things. Now the question is how do they implement this. For me I only stream on 2 devices so I'm not really worried.

    • Nice things != TV

    • by AHuxley ( 892839 )
      Recall PRISM? All that US brand telco and computer data going to the NSA, GCHQ, Canada, New Zealand?
      That was for years of data, voice prints, all crypto access.
      Now its a fingerprint account shared with 5 eye governments because the NSA asked?
      Want the gov of New Zealand knowing about every file getting played back on a display?
      Want some international travel and New Zealand recalls that "fingerprint" watched the wrong media file, no entering New Zealand.
      Other nations see that full gov block on travel fo
  • by Anonymous Coward

    HBO can scan my middle finger while I download a torrent.

  • by lamer01 ( 1097759 ) on Friday November 08, 2019 @03:47PM (#59395556)
    What are they trying to enforce exactly? Their whole pricing model depends on people consuming multiple streams. My daughter is abroad currently and using her login to NFLX. How are they going to deal with that?
  • I share my password with my three kids and when they stop me from doing that, I will cancel my service.

  • The possible measures include requiring customers to change their passwords periodically

    But changing passwords too often is a bad idea

    Frequent password changes are the enemy of security, FTC technologist says [arstechnica.com]

    or texting codes to subscribers' phones that they would need to enter to keep watching, according to people familiar with the matter.

    They're going to start requiring subscribers to own mobile phones?

  • Too bad it doesn't work the other way around.

    I pay Netflix $12.99 for their standard plan that gives me access to their service and HD content 24/7 on up to on 2 devices at the same time. But I only use their service 1-2 hours a day and on 1 device at a time.

    It would be nice if I could get credit for the 22 hours of the day that I'm not using their service and for not using access to the 2nd device.

  • Netflix is going to lose a LOT of business if they start cracking down on password sharing and I have NO idea what Tom Rutledge is whining about. If you're allowed to have a certain number of authenticated devices then it shouldn't matter if it's friends or family and if you aren't restricting an account to a certain number of either concurrent logins or authenticated devices then that's a technical problem that you should be able to fix on your end.

    Bottom line is STOP blaming consumers for using services
  • drive away family use.
    Fixed your headline for you
  • don't ask me for finger prints,so guess what...

  • A local biometric alone wouldn't help. However if you have key material on the phone, where the public exponent of that key material is enrolled for their account, and the private exponent is unlocked with the local biometric, that would work.

    It's really amusing and frustrating to hear WebAuthN described as "Sign-In with your thumb". It's a cryptographic signing of the challenge request that is validated server side; the biometric is a local (to the device) challenge.

  • Easy answer is 2 factor authentication + regular expiration of logins. Share for a week or two works, but they aren't getting back in unless they call you and bug you for the magic number that you got sent by text.

Keep up the good work! But please don't ask me to help.

Working...