The recent revelations that hundreds of millions of user names and passwords from sites like Twitter, LinkedIn and MySpace have shown up for sale on the Dark Net have sent ripples of uncertainty through the entire digital world. If the data breaches of those companies were so much larger than originally thought, what other grim news might be on the horizon? What other hacks don’t we know about yet?
In the midst of this fear and uncertainty, it’s nice to get a bit of good news, and that good news comes to us courtesy of Netflix. The company has taken a highly proactive and exceedingly responsible approach to the issue of passwords. It is company policy to keep a watchful eye out for large-scale releases of databases like these, containing millions of user passwords.
Netflix analyzes the data in those databases and compares the passwords found there with those in its own user base, knowing that, despite repeated warnings to the contrary, a great many users still use the same passwords across multiple websites and password-protected services.
If it finds a match, or near-match, it will auto-reset that user’s password and send them an email explaining why the action occurred. It should be noted that, at least thus far, Netflix itself has not fallen victim to a large-scale breach. Whether this type of action has played a role in that cannot be said for certain, but it seems intuitive to conclude that it helped. In any case, it certainly can’t be said to have caused any harm or made things less secure.
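The matching step described above, sketched as an added example (not Netflix's code and not from the original article): because a service stores salted hashes rather than plaintext, each leaked password is re-hashed with the matching account's salt and compared. The PBKDF2 storage scheme, record layout, function names and sample data are assumptions, and only exact matches are covered.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier the way this hypothetical service does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a stored account record: per-user salt plus derived hash, no plaintext."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt),
            "must_reset": False}


def find_reused_credentials(users: dict, leaked_pairs) -> list:
    """Return emails whose current password matches a leaked (email, password) pair."""
    flagged = []
    for email, leaked_password in leaked_pairs:
        user = users.get(email.strip().lower())
        if user is None or user["must_reset"]:
            continue  # not our customer, or already flagged
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["must_reset"] = True  # force a reset at next login, then notify by email
            flagged.append(user["email"])
    return flagged


# Constructed sample data: three accounts and a leaked dump from another site.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "correct horse battery"),
    make_user("bob@example.com", "Summer2016!"),
    make_user("carol@example.com", "x9$Lq2#vT"),
)}
LEAKED_DUMP = [
    ("Bob@Example.com", "Summer2016!"),      # reused password: should be flagged
    ("alice@example.com", "hunter2"),        # same email, different password
    ("dave@example.com", "letmein"),         # not a user of this service
    ("bob@example.com", "Summer2016!"),      # duplicate row in the dump
]

if __name__ == "__main__":
    print(find_reused_credentials(USERS, LEAKED_DUMP))
```

Only the flag and the affected email leave the function; the leaked plaintext is never stored or logged.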
If more companies took similar actions, it would go a long way toward mitigating the damage that these large-scale breaches can cause. It is certainly a strategy well worth considering.