NETFLIX has been blasted by cybersecurity experts for failing to protect user accounts with an important security feature.

Unlike most popular online services, Netflix log-in doesn't protect your account with two layers of verification.

If you use Facebook, Twitter or Google then you may have heard of two-factor authentication.

It's an extra step you can enable that lets you protect your account – beyond simply having a password.

Once enabled, you'll be required to enter a special code sent via text or email, which you enter to log in.

This is in addition to your password.

It means that if your password has been hacked (or guessed), your account will still be safe.

But Netflix doesn't offer any form of two-factor authentication, putting you at risk.

Setting up two-factor authentication is one of the easiest ways to stop hackers in their tracks.

Sadly, if a service doesn't offer the feature then there's nothing you can do about it.

"There is always a trade-off between security and usability," Jonny Milliken, manager of research at cybersecurity company Alert Logic, told The Sun.

"Implementing 2FA presents a delay and extra steps for access to services. However, Netflix shouldn't be unilaterally making that decision for all customers.

"Otherwise they are perpetuating a default insecure model."

A recent report by security firm Irdeto found that thieves were selling hundreds of stolen logins for services like Netflix on the dark web.

As many as 854 sets of credentials – including usernames and passwords – were found, being sold by 69 separate vendors on 15 marketplaces.

According to Sophos cybersecurity blogger Lisa Vaas, Netflix takes steps to tackle this problem.

"Netflix, for one, keeps an eye out for its customers’ credentials turning up in batches of data ripped off in various breaches," she explains.

"Like many online services – including Facebook and Amazon, for example – Netflix’s routine security monitoring includes sniffing around online to see if it can find its user IDs circulating in breach lists."

But Milliken told us that this backwards-looking approach isn't good enough.

"Netflix proactively searching for instances of leaked credentials is a worthwhile endeavour, however it is entirely reactive and requires that Netflix find the credentials as soon as the attacker releases them into the public domain," he told The Sun.

"There will always be a delay, and in that delay automated attacker systems can have already wreaked havoc on the people under threat."

We've asked Netflix for comment and will update this article with any response.

Do you think Netflix needs to step up its security? Let us know in the comments!