In the midst of this fear and uncertainty, it’s nice to get a bit of good news, and that good news comes to us courtesy of Netflix. The company has taken a highly proactive and exceedingly responsible approach to the issue of passwords. It is company policy to keep a watchful eye out for large scale releases of databases like this, containing millions of user passwords.
Netflix will analyze the data that those databases contain, and compare the passwords found with any passwords found in its own user base, knowing that despite repeated warnings to the contrary, a great many users are still using the same passwords across multiple websites and password protected services.
If it finds a match, or near-match, it will auto-reset that user’s password and send them an email explaining why the action occurred. It should be noted that at least thus far, Netflix itself has not fallen victim to a large-scale breach. Whether or not this type of action has played a role in that cannot be said for certain, but it seems an intuitive conclusion to imagine that it helped. In any case, it certainly can’t be said to have caused any harm or made things less secure.
If more companies would take similar actions, it would go a long way toward mitigating the damage that these large-scale breaches can cause, and is certainly a strategy well worth considering.