Netflix and spill: Web vid giant kills password masking in tests

Now your date will know your passphrase is hunter2


Netflix is testing a new feature that, for some subscribers, shows their passwords in plain text as they are typed in – and potentially when folks revisit the site.

The temporary design tweak, which Netflix says is supposed to help fat-fingered users correctly enter their passwords, does not star out characters as they are typed in. This change may not be rolled out to everyone, though.

"Netflix is currently testing removing password masking to assist members who are having difficulty signing in to their account," a spokesperson told The Register on Monday.

"We learn by testing and these features may or may not become part of the Netflix experience."

However, Reg reader Guy Strelitz, who got in touch about the tweak, noted that the feature may cause your browser to spill your password in plain text in view of anyone nearby – which could be awkward if there's someone chilling next to you, or whatever the kids are calling it these days.

"It is a problem if your browser 1) deletes cookies on closing tabs, and 2) remembers your Netflix password," Guy explained.

"Then it displays your password for all to see as soon as you land on the login page."

This, Guy points out, also presents a larger possible security hazard should that Netflix password also be used for other sites and accounts.
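The exposure Guy describes comes from an autofilled credential being rendered in a plain-text field as soon as the page loads. As an added example (not Netflix's code), here is a sketch of a login field that still helps with typos but stays masked until the user explicitly asks to see it; `attachRevealToggle` and its option names are hypothetical, and the markup is assumed to ship the input as `type="password"` with a separate show/hide button.

```javascript
// Added example: masked-by-default password input with an explicit reveal toggle.
// `field` is the password <input>, `button` the show/hide control (assumed markup).
function attachRevealToggle(field, button, opts = {}) {
  const remaskAfterMs = opts.remaskAfterMs ?? 10000;
  const setTimer = opts.setTimer ?? setTimeout;      // injectable for testing
  const clearTimer = opts.clearTimer ?? clearTimeout;
  const page = opts.page ?? (typeof window !== "undefined" ? window : null);
  let timer = null;

  function mask() {
    if (timer !== null) { clearTimer(timer); timer = null; }
    field.type = "password";
    button.setAttribute("aria-pressed", "false");
  }

  function reveal() {
    if (timer !== null) clearTimer(timer);
    field.type = "text";
    button.setAttribute("aria-pressed", "true");
    // Never leave the secret on screen indefinitely.
    timer = setTimer(mask, remaskAfterMs);
  }

  // Force the masked state at start-up (defence in depth on top of the
  // markup), so a value the browser autofills is not shown in plain text.
  mask();

  // Only a deliberate click reveals the value; autofill triggers no click.
  button.addEventListener("click", () => {
    if (field.type === "password") reveal(); else mask();
  });

  // Re-mask before the form is submitted, and when the page is shown again
  // (including restores from the back/forward cache, which keep DOM state).
  if (field.form) field.form.addEventListener("submit", mask);
  if (page) page.addEventListener("pageshow", mask);

  return { mask, reveal, isRevealed: () => field.type === "text" };
}
```
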

Netflix is so far keeping quiet on how many lucky subscribers are testing this feature and how they are selected. The vid-streaming site usually recruits small groups of customers to run A/B tests with potential new features before they are introduced to all viewers. ®



Biting the hand that feeds IT © 1998–2022