How does Netflix know my password?

passwords firefox netflix

Whenever I go to the Netflix main page in Firefox, I'm automatically logged in.

However, when I open up Firefox's list of saved passwords, I notice that Netflix is not among the sites Firefox is keeping passwords for (Options -> Security -> Saved Passwords)

How does Netflix know the password if Firefox isn't storing it, and where is it being stored?


To answer your first question, Netflix doesn't know your password.

What Netflix and every other competent website out there does is hash your password using a one-way hashing scheme (MD5, SHA-1, SHA-2, etc.).

What this does is essentially create a unique fixed-length hexadecimal fingerprint that identifies the string of text that is your password. For instance, here's what my-secure-password looks like after being hashed using MD5:

MD5 hashing

They store this hash in their internal database and every time you log into Netflix, the password you supply during the login process is hashed once again using the same scheme and is matched against the copy of the hashed password stored in their database.

If they match, they know that you've entered the correct password and you're granted access. If they don't, you're not authenticated. This is why when you click on some variation of the Forgot password link they don't send you your old password but rather ask you to choose a new one. It's because they don't know what your password is either.

So how are you logged in if Firefox did not store the password for Netflix?

The answer to that is session cookies. When you logged into Netflix (maybe a while ago), you may have chosen to remember your session.
remember me?

If you did, Firefox stores a small tidbit of information on your computer that uniquely identifies you whenever you visit Netflix. These 'cookies' as they are called generally persist for a short period time until the session is active and then expire. Some however may last weeks or longer. Delete that cookie and Netflix won't remember you.

Netflix cookies

Regarding your second question, if Firefox didn't 'remember' the password, it isn't stored anywhere. What's stored is the cookie. Firefox stores them in its Profiles folder in the file cookies.sqlite which is a SQLite database file.

Lastly, if you opted to log in through your Facebook account, you wouldn't need a password and so Firefox wouldn't store one.

login using Facebook

However, a cookie would still be created to identify your session.


Netflix – like most other websites – doesn't care about your password during normal browsing. Instead, when you log in, Netflix has the browser store a 'cookie' with the login session ID. The browser sends it back every time it requests a new page. (Likewise, the password storage in Firefox is not used during normal browsing, but only for auto-filling the password field in login pages.)

The session cookies are usually generated randomly and don't have any relation to your login or password – only Netflix itself can link it to your account.

To see them, right-click the page, select "View Page Info", and under "Security" click "View Cookies".

Related

SSD vs HDD. Help me choose [closed]
Install a second SSD that already has Windows 10 installed on it
Alternatives to TextEdit?
Using an Rj45 to D9 RS232 Adaptor with a laptop to control an RS232 device
How to set a file as NOT executable?
Just Dropped A RAM Inside Plastic Casing - Is it Dead?
How to save ipconfig output to text file when `tee` isn't available on Windows?
Can I share folders on a LAN using NTFS alone?
Why BitTorrent uploads simultaneously? [duplicate]
How do I stop the "configuring Visual Studio..." message when opening Microsoft Office applications?
How to use new std::byte type in places where old-style unsigned char is needed?
Routing App Coverage File [closed]