Password sharing is not a pressing concern for most publishers

Fresh attempts by streaming platforms to crack down on password sharing have prompted many publishers and media companies to consider whether they’re doing enough to secure their own subscription products in recent months.

Publishers already employing strategies to combat account misuse say they’re mostly satisfied their measures are keeping password sharing to acceptable levels. Others are currently in the process of exploring and implementing mitigation approaches, while some are simply turning a blind eye and focusing their attention and resources on other priorities instead.

“It isn’t really a big area of concern for us,” said the chief product officer for one major business news publisher. “We of course review it periodically, but I think we put the right measures in place early on so we feel comfortable with how we’re doing.”

Some publishers have reached the conclusion that although cracking down harder on account sharing could help them squeeze some additional revenue, focusing on other areas will benefit their businesses more. Policing it can be costly, time-consuming, and suck up resources that might be put to more effective use attempting to retain and engage subscribers instead, they say.

“We did look at it, but we see less effort and more potential in other initiatives for now,” an executive at another major publisher said.

Widespread password sharing can present a significant risk for publishers if left unchecked, resulting in diminished subscription revenues, loss of valuable user data, and skewed metrics. But when monitored and managed carefully, some publishers believe it benefits their businesses by exposing their content to new audiences and providing valuable sampling opportunities that ultimately help to grow their paying subscriber bases.

Concerns around password sharing were particularly prominent three to five years ago, as many publishers first experimented with subscription models and products. At the time, most did not have the ability to accurately measure account abuse, leaving them in the dark as to how prevalent the activity was. 

But over the past few years, most major publishers and subscription technology providers have developed systems and processes designed to identify the behavior and to limit any negative impact it has on publishers’ businesses. With those measures in place and their minds more at ease, executives now say password sharing is taking a backseat to other more pressing concerns, including retention and data initiatives. 

It’s also become clear that the password-sharing dynamics seen by streaming video and audio platforms don’t necessarily translate to most publishers’ subscription offerings. Publishers’ products don’t typically have the same broad appeal as those offered by companies such as Netflix or Spotify, so sharing activity is likely less prevalent as a result.

According to subscription technology provider Piano, the median “suspicious activity rate” for accounts across publisher sites that use its technology currently sits at 1%. That implies password sharing “is a very small problem” for most news and information publishers, said the company’s executive vice president of strategy Michael Silberman, although he did not indicate how many individuals could be abusing that 1% of suspicious accounts.

Piano began making its “suspicious activity reports” available to its clients on a self-service basis in 2021, which consider simultaneous logins, IP addresses and other information to identify accounts that appear to be sharing credentials. Elsewhere, subscription software provider Zephr said some of its clients have seen significant revenue boosts after implementing measures to limit account misuse, particularly among B2B publishers. The company provides tools to help publishers combat the behavior, including the ability to cap the number of sessions single accounts are allowed concurrently.

Publishers say they’ve also seen success limiting suspicious account behavior by implementing two-factor authentication or passwordless logins, periodically resetting passwords, and simply telling users when their accounts are displaying suspicious activity in an attempt to dissuade it. (See the Toolkits guide on how to limit password sharing for more detailed information.)

Approaches to password sharing vary

Different publishers are employing different mentalities and approaches to password sharing, which often vary based on the nature of their content, audiences, experience, budgets, capabilities and business priorities.

Broadly speaking, most publishers are approaching password sharing in one of four ways. They:

1. Have systems in place to identify password sharing but currently do little to curtail it beyond egregious cases.
2. Have systems in place to identify password sharing and attempt to upsell suspicious account users to shared or group subscriptions.
3. Have no systems in place to identify account abuses but intend to install them.
4. Have no systems in place to identify suspicious accounts and plan to continue turning a blind eye for the time being.

Many smaller publishers say they lack the technology to identify possible account-sharing activity, let alone the resources or the ability to attempt to combat or capitalize on it. Others say they’re less concerned about it because of the nature of their subscriber bases or the price points of their products.

“We have not had any conversations about this, and I don’t think we even have access to the data sources that would begin to hint at how common of a thing that is,” said the revenue chief at one independent consumer-facing publisher. “I can appreciate why another business might look into it, but I can’t imagine any small publisher deciding that problem to be so widespread as to be worth the effort to curtail.”

By contrast, publishers targeting professional and business audiences often pay particularly close attention to account sharing. That’s in part because their products are typically priced significantly higher than most consumer-facing publications, meaning a single instance of account abuse could result in thousands of dollars in lost revenue. Business publishers also see particular value in the opportunity to upsell accounts they suspect are being used by multiple people.

“We aren’t Netlix or the New York Times, so our size and B2B focus allows us to take a more personal approach,” said Jason Clampet, chief product officer at travel industry publisher Skift. When Skift discovers a violation, it generally uses it as an opportunity to upsell offenders to multi-seat licenses, which Clampet says generally “goes over well.” Offenses are handled on a case-by-case basis, he said. 

Some publishers say they’re playing catchup and intend to do more to identify, combat and ideally capitalize on password-sharing activity this year — particularly those actively seeking ways to monetize their subscriber bases more effectively.

But for now, many publishers say they’re satisfied with their approaches to the issue, either because they believe they’re functioning adequately, there’s no significant upside to tackling it, or because they simply lack the resources or the inclination to attempt to quantify its impact on their businesses.