Stanley, in the comments of my post about good password practices, asks why security matters for sites like NetFlix. After all, if someone seizes control of your NetFlix account, they basically can just watch some movies before you contact the administrators and regain control of your account.
It’s certainly true that NetFlix doesn’t need the kind of security you put around banking, email, or, you know, nuclear missiles. That said, someone who’s in your NetFlix account could, for example, buy a $100 gift subscription for themselves via NetFlix’s built-in gift program.
Someone who’s in your NetFlix account can also find things out about you. They can look at your “taste preferences,” they can view the history of what movies you’ve watched, they can look at your various movie queues and your ratings. They can also look and see what devices you have registered to watch NetFlix on your account, and so get at least a limited sense of some of the rest of your life. For most people, this is probably fairly innocuous information, but it’s not hard to imagine embarrassment coming out of your movie history. For public figures, you could see a minor scandal.
But most importantly, look: you and I both know that you don’t use a separate password for every site. If your security is breached on one site, your username/password combination is likely to end up in gigantic lists of such information passed around on hacker sites. And when someone tries a big breach on another site, they’ll try your username and password on that site, too.
So, sure, having your NetFlix account hacked is probably somewhere between a minor inconvenience and a moderate inconvenience (if you have to get a few hundred dollars of charges reversed on your card). But lose control of not just your NetFlix account but potentially ten other (equally individually innocuous) accounts, each of which gives people the ability to charge you for a few small things or gather some personal information about you, and you start looking at major financial impact and/or serious potential for identity theft or even blackmail.
That’s all assuming that you only repeat passwords between innocuous accounts like NetFlix. If someone seizes, say, a valid email address of yours, then they can probably reset your password for your bank account or your Amazon account or your Facebook account, and then all bets are off.
Your various internet service accounts are like the territory you control on the internet. They’re linked in various implicit and explicit ways. Your passwords are like your border control. Once someone’s inside your borders — even if it’s a remote and backwater part of your “territory” — they have opportunities to gobble up more of your online presence.