Discovery Plus has launched, but the security surrounding this service is lacking, at the very least. In fact, if you share your account with someone, you could end up getting locked out.
As we tested out the platform and tried to see how we could log out of all devices on the account, we discovered things weren't all that great.
In fact, when compared to other similar services, Discovery Plus is seriously lacking. Of course, extra features could be added later on, but is security really supposed to be an afterthought here? We think not.
Mass Device Logout
One of the first things we noticed is that anyone on any of the profiles can remove devices that are connected to the account. They can remove them one by one or in bulk. There is no extra security step involved here, which is rather problematic.
Why is this problematic? Well, suppose you share your account with a friend. You two have a falling out, and they go ahead and log out your devices from your own account.
At this point, this can be a simple nuisance as you have to log back in again. But things get worse...
For comparison's sake, Disney Plus requires you to type in a one-time password that is sent to the email address associated with the account.
The situation takes an even bigger turn next as whoever you share your account with can simply change your password. Since they already have the original password they used to log in with, they can fill that in the first field and then a new password in the next two fields.
No notification about the change is sent to the email address the account is registered to.
The only thing saving this thing from being a complete and utter nightmare is that when you try to change the email address, they do finally send an email to the account holder asking them to verify the changes.
So, unless someone also has access to your email account, they can't completely take over your Discovery Plus account.
Therefore, taking back control of your account can be as easy as requesting to reset your password when you log in by saying you "forgot" it. You'll then get an email to your account, and you can follow the link inside to reset your password. However, you should not be put in this position in the first place.
On the downside, there's another red flag here, as they allow you to change the password as many times as you want, even going back to an already-used password. As you've probably noticed on numerous other platforms, as a security measure, you are not allowed to reuse an old password.
So, to recap:
- Someone you share your account with can log you out of your devices.
- They can also change your password to lock you out - momentarily.
- Taking back your account will require you to "forget" your password so you can reset it yourself.
Again, making any changes of this nature to your account should require additional layers of security. Just because a full account takeover isn't possible doesn't mean that it should be this easy.
We're going to compare things again with the situation at Disney Plus since it's also one of the most recently launched services. Here, there is the main account profile that cannot be deleted, and any major changes beyond personal preferences have to be certified with a 6-digit code you get via email - changing the email address, the password, or logging out of all devices.
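To make the Disney Plus approach concrete, here is a sketch of that kind of gate, added as an illustration and not taken from either service's code. The class name, action names, code lifetime and attempt limit are all assumptions; the code goes to the account holder's address, works once, expires, and a notification follows every completed change.

```python
import hmac
import secrets
import time

# The three changes the article says Disney Plus gates behind an emailed code.
SENSITIVE = {"change_email", "change_password", "logout_all_devices"}
CODE_TTL = 600     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed before the code is voided (assumed value)

class StepUpGate:  # hypothetical name
    def __init__(self, send_email, clock=time.time):
        self.send_email = send_email  # callable(address, message)
        self.clock = clock
        self.pending = {}             # (account, action) -> [code, expiry, attempts_left]

    def request(self, account, owner_email, action):
        """Mail a fresh 6-digit code to the account holder's address."""
        if action not in SENSITIVE:
            raise ValueError("action does not need step-up verification")
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(account, action)] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(owner_email, f"Code {code} was requested for {action}")

    def authorize(self, account, owner_email, action, code=None):
        """Return True only if the action may proceed."""
        if action not in SENSITIVE:
            return True               # personal preferences need no code
        key = (account, action)
        entry = self.pending.get(key)
        if entry is None or self.clock() > entry[1]:
            self.pending.pop(key, None)   # no code was issued, or it expired
            return False
        if not hmac.compare_digest(entry[0].encode(), str(code).encode()):
            entry[2] -= 1
            if entry[2] <= 0:
                del self.pending[key]     # too many wrong guesses: void the code
            return False
        del self.pending[key]             # single use
        self.send_email(owner_email, f"{action} was completed on your account")
        return True

if __name__ == "__main__":
    # Constructed demo: the "mailbox" is a list, the address is a placeholder.
    inbox = []
    gate = StepUpGate(lambda addr, msg: inbox.append((addr, msg)))
    gate.request("acct-1", "owner@example.com", "change_password")
    emailed = inbox[-1][1].split()[1]
    print(gate.authorize("acct-1", "owner@example.com", "change_password", emailed))
```

With a gate like this, knowing the shared password is not enough to change it or to log out every device, and the account holder learns about any change that does go through.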
The bottom line is that Discovery Plus needs to up their security game on the service. These issues are not something we would have expected to encounter on Discovery Plus at all.
If you take away anything from this article, please let it be - DO NOT share your account with anyone outside your home.