If you’re going to share passwords for streaming services like Netflix, Disney+, or Hulu with friends or family, you should at least be smarter about it.
That’s the pitch, in a sense, for a forthcoming service called Jam, which acts like a social network for password sharing. Users can display a list of subscriptions they’re paying for—streaming video or otherwise—so their friends can request access, and if the user approves, Jam sends an encrypted version of the login info that’s only visible to the recipient. The idea is to provide a safer and more convenient environment for the kind of password sharing that’s already widespread for subscription services.
Jam isn’t available just yet, though it’ll soon start opening up to people who’ve joined the service’s launch waitlist. John Backus, Jam’s founder, said roughly 3,000 people have joined since he announced the service last week.
“There’s a general trend toward people treating internet accounts in general as not just for them, as something they share among multiple people,” Backus said.
How Jam works
While I haven’t tried Jam myself, Backus walked me through the nearly complete website on his computer this week over video chat.
When you sign up for Jam, you create a user name and master password, then add the login credentials for each individual subscription you want to share. You can then connect with friends by entering their phone number, sharing an invite link, or searching for their user name. Both people must approve the friend request to begin sharing passwords. Once you’ve connected with some people, you can select any password and choose who to share it with. Friends can do the same, sharing their passwords with you.
Because the credentials are encrypted locally on the device you use, Jam itself cannot access the passwords. That means if the site were to suffer a security breach, your credentials wouldn’t be compromised. Backus previously founded the identity-verification startup Cognito and the digital identity startup Bloom, so he has experience working with data security.
On some level, Jam shares similarities with traditional password managers such as LastPass and Dashlane, which also allow users to share login credentials across sites. Jam, however, is built with subscription password sharing in mind, and it shows in the way users can broadcast their subscription lists and quickly add friends to any account.
In the future, Backus wants to add more ways to manage subscription access. If you want to revoke passwords from a former roommate or ex-partner, for instance, Jam might send you to the appropriate password reset page, then update the credentials for the folks you want to keep on board. Backus is also looking at ways to help manage subscription costs, perhaps by letting groups settle up payments or divvy up subscriptions so that everyone’s contributing their fair share.
“Right now I have four roommates, and the amount of things that we are probably allowed to share with each other, but don’t even know because everyone’s always working or traveling, is still something that could probably be optimized around,” Backus said.
Is Jam kosher?
While Jam’s website encourages users to “Binge more” and “Pay less,” and its iconography hints at all manner of media consumption, Backus was careful not to mention any specific services while discussing Jam with me. His demonstration only included placeholder services, with names like “Elderberry” and “Melon.”
Still, those terms of service have always been somewhat at odds with themselves. Are we to believe, for instance, that a family or a group of roommates should be allowed to use a single Netflix account, but not be allowed to share the underlying login credentials?
Here’s the reality: Despite years of hype and bluster about a forthcoming “crackdown” on password sharing, most streaming providers are willing to tolerate all but the most egregious cases of abuse. On some level, it’s a way to protect against churn (no one wants to be the person who cancels Netflix for close friends and family members), and a form of marketing if those users do eventually find themselves cut off. For subscription services that still run commercials, password sharing could even contribute extra ad revenue, especially if the freeloaders weren’t going to pay for service anyway.
Jam might still have to tread carefully, and avoid the appearance of facilitating widespread access to streaming accounts, especially if it gets into areas like cost sharing. (Late last year, for instance, a site called YTFam was shut down after a brazen attempt to sell access to YouTube TV accounts.)
But if password sharing is going to happen anyway, it might as well happen in a safe and secure way. As Backus points out, when people are sharing passwords, they might reuse weak passwords or avoid changing them when they should. And if they share those passwords with others over an email or text message, they’re increasing the risk of further security compromises.
“I care a lot about privacy and security,” he said. “When people share passwords over plain text, and that just gets circulated among their friends, I think that’s crazy.”
Jared Newman has been helping folks make sense of technology for over a decade, writing for PCWorld, TechHive, and elsewhere. He also publishes two newsletters, Advisorator for straightforward tech advice and Cord Cutter Weekly for saving money on TV service.