
How Netflix Can Restrict Password Sharing


A PRD that looks at the context of, and a possible solution to, the problem of password sharing faced by Netflix.




Context

  1. With more than 200 million subscribers globally, Netflix is the largest streaming platform in the world. The platform has seen tremendous growth in subscriber numbers and revenue in the past years. 

  2. However, recently there has been a reduction in subscriber growth and the number of new users added has been lower than expectations.

  3. Netflix identifies that one of the reasons for this is an age-old problem of password sharing. There have been initiatives in a few geographies to add users outside the household to your Netflix subscription. (https://about.netflix.com/en/news/paying-to-share-netflix-outside-your-household)

  4. This document proposes a solution to prevent Netflix subscribers from sharing their passwords outside the household.




Problem Identified

  1. Netflix maintains that their multi-screen plans are meant to be used on multiple devices within the same household, or more clearly, at the same “physical address”. 

  2. But, it has been observed that users share their passwords outside their households. This poses a security threat to the users as they share their credentials. 

  3. For Netflix, it is obviously detrimental to subscriber growth as a potential new subscriber uses a shared password instead of purchasing their own subscription.

  4. The problem we are trying to solve here affects the platform in terms of revenue and subscriber growth. It is not really a user problem as it does not hamper their experience. In fact, the solution to this problem would come as a loss for password-sharing beneficiaries, as they would now need to purchase a subscription to continue enjoying Netflix.




Goals

Based on the problems identified, the solutions outlined further in the document aim to:

  1. Prevent Netflix subscribers from sharing their login credentials outside their household.

  2. Encourage current password-sharing beneficiaries to purchase new subscriptions themselves.




Non-Goals

When implementing the solution, the following are the non-goals, or outcomes that are to be avoided:

  1. Increasing the number of steps in the login process for subscribers.

  2. Making it challenging to access multi-screen accounts within the same household

  3. Introducing complexity in the existing login process for subscribers.

  4. Not identifying the members of the same household in certain situations.

  5. Wrongly identifying a user as part of a subscriber’s household.

  6. Making it challenging for subscribers (or their household members) to access their accounts when they are away from their physical address




Proposed Features Depicted using User Stories

The proposed features would create the system to limit password sharing. These features are presented in the form of user stories, both from the perspective of Netflix and that of the subscriber.


  1. Two-factor Authentication at Login

    As Netflix, I want to update the login process by adding 2-factor authentication, so that the login is more secure and unauthorized access to Netflix subscriptions is prevented.

    • For every new login to Netflix, a 2-factor authentication will be done.

    • As part of the two-factor authentication, a verification code will be sent to both the registered email address and the phone number.

    • For every new login, an email to the registered email address and a message to the registered mobile number will be sent.


  1. Master Device Creation

    As Netflix, I want users to enlist a master device to use with their subscriptions, so that this device can be used to apply password sharing restrictions

    • On logging in for the first time with an existing or a new subscription, and if no other devices are logged in previously, the device used will automatically be enlisted as the “master device”.

    • User can also go to app settings and change the master-device to the currently logged-in device.

    • If there is a change request for the master-device, there will be a two-factor authentication and a verification code will be sent to the registered e-mail address and phone number, which will be used to verify the change.

    • For every master-device change, an e-mail to the registered e-mail address and a message to the registered mobile number will be sent


  1. Master Device Creation

    As Netflix, I want to get location details of the master-device, so that I can determine the devices which are in the same household

    • The master device’s GPS location will be used to determine the household.

    • Master-device location will be determined as the latest recorded if the master device is offline.

    • Devices using the same Netflix account and located within 50 metres of the master device will be treated as being from the same household.

    • Logged-in devices determined to be in the same household as the master device will have unrestricted access to the subscription (screen limits apply as before and according to subscription type).


  1. Use of Wifi to define household

    As Netflix, I want to determine if the master device is connected to a wifi network, so that I can use that wifi network to define the household for the subscription.

    • Any device connected to the same wifi network as the master device, and using the same Netflix login will be treated as being from the same household.

    • Master-device location will be determined as the latest recorded if the master device is offline.

    • Devices determined to be in the same household as the master device will have unrestricted access to the subscription (screen limits apply as before and according to subscription type)



  1. Apply restrictions based on location and Wifi

    As Netflix, I want to use the master device’s location and wifi parameters to apply restrictions on access to the Netflix account, so that users who are not part of the household of the subscriber, find it hard to access via password sharing.

    • Any logged-in device that is not the master device has to either be located within 50 metres of the master device or be connected to the same wifi network as the master device.

    • If a non-master device does not fulfil the above criteria, there will be a time frame of 15 days that it will stay logged in before getting logged out.

    • To make sure the restriction prompts do not bother genuine household device users, there will be a buffer of 7 days to show any warning or prompt. For the first 7 days, there will be no warning or prompt.

    • Post 7 days, whenever Netflix is accessed on the said device, there will be a prompt mentioning that the device is not authorised and access will be blocked after 15 days of first unauthorised use.

    • The above prompt will give the user an option to update the current device as the master device or to ignore it and continue.

    • Also, the prompt will invite the user to explore Netflix plans to purchase a new subscription with their own credentials.

    • Post the 15-day period, if the same device logs in with the same credentials, access will be restricted. On login attempt, the user will only be given the option to update the master device to the current one.

    • If within the 15 days the connected device comes within the same location or wifi network as the master device, the 15-day counter will reset.
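
The restriction rules above can be read as a small per-device state machine. The sketch below is an added example, not part of the original PRD or any Netflix code; the `Fix` and `DeviceState` types, the `wifi_id` field and the exact boundary handling at day 7 and day 15 are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Optional

HOUSEHOLD_RADIUS_M = 50                # "within 50 metres" of the master device
WARNING_BUFFER = timedelta(days=7)     # no prompt during the first 7 days
GRACE_PERIOD = timedelta(days=15)      # access blocked after 15 days

@dataclass
class Fix:
    """Last recorded position and network of a device (field names are assumptions)."""
    lat: float
    lon: float
    wifi_id: Optional[str] = None      # hypothetical network identifier

@dataclass
class DeviceState:
    first_unauthorised: Optional[datetime] = None  # start of the 15-day counter

def distance_m(a: Fix, b: Fix) -> float:
    """Great-circle (haversine) distance in metres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(h))

def in_household(master: Fix, device: Fix) -> bool:
    """Same wifi network as the master device, or within the 50 m radius."""
    same_wifi = master.wifi_id is not None and master.wifi_id == device.wifi_id
    return same_wifi or distance_m(master, device) <= HOUSEHOLD_RADIUS_M

def evaluate(state: DeviceState, master: Fix, device: Fix, now: datetime) -> str:
    """Return 'allow', 'warn' or 'block' for a non-master device."""
    if in_household(master, device):
        state.first_unauthorised = None          # back in the household: counter resets
        return "allow"
    if state.first_unauthorised is None:
        state.first_unauthorised = now           # first unauthorised use starts the counter
    elapsed = now - state.first_unauthorised
    if elapsed >= GRACE_PERIOD:
        return "block"   # only remaining option: make this device the master (2FA)
    if elapsed > WARNING_BUFFER:
        return "warn"    # prompt: update master device, ignore, or explore plans
    return "allow"
```

The `master` argument is the master device's latest recorded fix, so the same function covers the case where the master device is offline.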





User stories from a Netflix subscriber's lens


  1. Bypass Location and Wifi Restrictions

    As a Netflix subscriber, I need to be able to bypass the location and wifi network restrictions, so that I am able to access the subscription I paid for

    • If access is blocked due to restrictions, the user always has the option to make any device the master device via 2-factor authentication.

    • This will ensure that a user can access their own subscription on any device desired

    • It is to be noted that, on changing the master device, all other connected devices, if they are not in the same location or connected to the same wifi network as the new master device, will have the 15-day counter started.


  1. Seamless connection throughout devices

    As a Netflix subscriber, I need the app to identify my household wifi network and make it easier for all my devices to connect seamlessly

    • Logging in to devices which are connected to the same wifi network as the master device will not require 2-factor authentication.

    • One wifi network can be selected as the household wifi by the master device. All devices connecting to this wifi network can log in and access the Netflix account without 2-factor authentication.

    • If a wifi network is selected as the household wifi, the master device cannot be away from that wifi for more than 15 days at a stretch. If this happens, the other devices on the shared plan would have to update another device as the master device, and the previous master device will be logged out after 15 days.


  1. Loss of Authentication

    As a Netflix subscriber, I need to be informed if my existing authorized devices become affected and lose authorization due to a change in master device, so that I can take appropriate action and setup my devices as desired

    • Once the subscriber changes the main device, the household wifi and reference location range updates as per the current device.

    • This means that the devices which were previously classified as household will now become unauthorized and the 15 day counter will start with the 7 day buffer.

    • The user needs to be informed of this change and options given to them.

    • Starting from day 1 of this change, every time the app is opened on such a device, there will be a warning prompt. This prompt will repeat itself every 2 days till 15 days are reached.





Proposed Workflow




Metrics, Risks and Plan of action

Metrics are to be closely monitored for 60 days post the implementation of changes.


Success Metrics



Check Metrics



Risks

This change is primarily for the benefit of Netflix, rather than the users. For that reason, there are a few risks associated with these changes when they are viewed from the perspective of Netflix subscribers. Further to the check metrics mentioned in the previous slides, a few identified risks are:

  1. Due to the restriction on password sharing, users who share accounts across different households might downgrade their subscriptions to one with fewer screens.

  2. The new login process and master device addition steps could make users feel overwhelmed and they might end up unsubscribing.

  3. The restrictions could make users feel irritated and lose trust in the platform.



Plan of action

Timeline for the change: 6 months

Phase Plan: Once this implementation is done, the success and check metrics will be closely monitored and based on the response to the change an updated version will be released with appropriate changes: either to tighten or relax the restrictions.

Product Portfolio

by Abhishek Jain

4:55:57 PM
