nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Netflix and spill: Web vid giant kills password masking in tests

Now your date will know your passphrase is hunter2

By Shaun Nichols, 29 Nov 2016

Netflix is testing a new feature that, for some subscribers, shows their passwords in plain text as they are typed in – and potentially when folks revisit the site.

The temporary design tweak, which Netflix says is supposed to help fat-fingered users correctly enter their passwords, does not star out characters as they are typed in. This change may not be rolled out to everyone, though.

"Netflix is currently testing removing password masking to assist members who are having difficulty signing in to their account," a spokesperson told The Register on Monday.

"We learn by testing and these features may or may not become part of the Netflix experience."

However, Reg reader Guy Strelitz, who got in touch about the tweak, noted that the feature may cause your browser to spill your password in plain text in view of anyone nearby – which could be awkward if there's someone chilling next to you, or whatever the kids are calling it these days.

"It is a problem if your browser 1) deletes cookies on closing tabs, and 2) remembers your Netflix password," Guy explained.

"Then it displays your password for all to see as soon as you land on the login page."

This, Guy points out, also presents a larger possible security hazard should that Netflix password also be used for other sites and accounts.

Netflix is so far keeping quiet on how many lucky subscribers are testing this feature and how they are selected. The vid-streaming site usually recruits small groups of customers to run A/B tests with potential new features before they are introduced to all viewers. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing