Hi

Have a client who is looking at developing a site where clients get access by subscriptions.

Obviously the biggest concern is people sharing their login details.

Are there any good techniques which can be deployed to help prevent this or at least reduce it?

Obviously only allowing single session per user logged in so it would kick other people off if they were logged in.

Any other good ideas?

Thanks if you can advise.

A: 

It really depends how worried you are about locking out legitimate users incorrectly.

You can keep track of the IP addresses that they log in using, and some other identifiers like their user-agent string, and then look for discrepancies. So if someone normally logs in from an IP owned by Verizon using Firefox, and then suddenly they log in from one in Brazil using Internet Explorer, that might be someone sharing their login details. But, it also might be the same user who just took a trip to Brazil and is using their uncle's computer. How are you going to tell?

Chad Birch
A: 

You can add a personal question that people would be reluctant to pass on, such as date of birth, that is needed to log in.

I don't know anything about the people that might subscribe, but it may be possible to limit subscriptions to an IP range. This would not generally work, e.g. if your customers are members of the public.

rikh
For the personal question thing, if someone wanted to share their account and not give out that data, they'd just give a false answer in the first place. I wouldn't consider that technique any sort of deterrent.
Chad Birch
A: 

If the value of the login is high enough, you could send out a piece of hardware like banks use for authentication - it generates a PIN every time you want to log in.

This would make sharing of logins limited to people with physical access to the device.

Greg
+1  A: 

You could store active sessions in a database table and use it to prevent multiple sign ons. Those stored sessions have to be set to expire fairly quickly, though. If someone doesn't log out or switches browsers or their computer crashes, they don't want to wait a day to log in again.

It's not a programming solution, but another idea is: price it so there's no motivation to share. People turned to Napster because CDs were overvalued. Now they happily pay $1/song on Amazon or iTunes. People pirate MS Office because it costs so much, it's better to get 5 people to chip in then share it. People rarely pirate the educational licensed version, because it only costs ~$60.

James Socol
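
The session-table idea from the answer above, as an added example that is not part of the original thread: one row per account, with a short idle timeout so a crashed browser does not lock the subscriber out for long. The table and column names, the function names and the 15-minute timeout are assumptions chosen for illustration.

```python
import secrets
import sqlite3

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, tune to the site

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    # PRIMARY KEY on user_id allows at most one session row per account.
    db.execute("CREATE TABLE IF NOT EXISTS active_sessions ("
               "user_id TEXT PRIMARY KEY, token TEXT NOT NULL, "
               "last_seen REAL NOT NULL)")
    return db

def sign_on(db, user_id, now):
    """Call after the password check. Returns a new session token, or
    None when another session for this account is still live."""
    with db:  # one transaction: drop a stale row, then try to claim the slot
        db.execute("DELETE FROM active_sessions "
                   "WHERE user_id = ? AND last_seen < ?",
                   (user_id, now - IDLE_TIMEOUT))
        token = secrets.token_urlsafe(32)
        try:
            db.execute("INSERT INTO active_sessions VALUES (?, ?, ?)",
                       (user_id, token, now))
        except sqlite3.IntegrityError:
            return None  # live session exists: refuse the second sign-on
    return token

def touch(db, user_id, token, now):
    """Call on every authenticated request. Refreshes the idle timer and
    returns False if the session has expired or been replaced."""
    with db:
        cur = db.execute("UPDATE active_sessions SET last_seen = ? "
                         "WHERE user_id = ? AND token = ? AND last_seen >= ?",
                         (now, user_id, token, now - IDLE_TIMEOUT))
    return cur.rowcount == 1

def sign_out(db, user_id, token):
    """Explicit log-out frees the slot immediately."""
    with db:
        db.execute("DELETE FROM active_sessions "
                   "WHERE user_id = ? AND token = ?", (user_id, token))

if __name__ == "__main__":
    import time
    store = open_store()
    first = sign_on(store, "alice", time.time())
    print("first sign-on accepted:", first is not None)
    print("second sign-on refused:", sign_on(store, "alice", time.time()) is None)
```

This refuses the second sign-on rather than kicking the first user off; the question's kick-off policy would instead overwrite the row on sign-on, so the old token stops passing `touch`.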