Ways To Prevent Sharing Passwords To Access A Site?

17 replies
Can anyone give me some direction on this...

I'm creating an online product where I will give my customers access to my website for a fee. We haven't decided yet whether it will be a one-time fee, or a monthly membership fee.

If I give a password, it will obviously be shared and I will have lots of users on the site who haven't paid for access. There will be a lot of video on the site, and since I'm charged for bandwidth, many non-paying users is a problem.

Can you tell me what my different options are for minimizing the number of people who access the site without purchasing access? Are there ways to associate access with a paid customer's IP address, or something similar?

Thanks in advance,
Bob
  • beginner warrior
    IP address is definitely possible.

    But remember this: build into your price the cost of customer service. You will inevitably get someone who says "I just moved to another state with a different internet company, and now my membership login does not work."

    For someone like that, you will need to deactivate the old one, and activate the new one.
    That takes time, and time equals money. So build that into your price.

    Also, make it very clear that your membership logins are tied to the IP address. You don't want someone thinking they can login "from anywhere in the world" when in fact they have to log-in from a specific IP address.

    If you don't want to deal with the customer service of IP address updating, you could have passwords set to expire every 60 days. Then they get an email with their new password. Someone could still "tell everybody" their new password. But you will probably wear people like that out over time. And any lost revenue from that set up could be offset by less need for customer service, and less hassles about people's IP addresses not working and needing updating.

    A really cool idea would be that you can only post new information from your pre-defined IP address, but if you are on the road, you can log in with a "view only" mode. I don't know if anybody has that technology set up.

    A lot of software companies have computer pinging. The software "learns" the exact computer, and the software will not work if the query discovers it's not an authorized machine. That's even more restrictive than IP address.

    This whole thing falls under the category of "digital rights management".

    Fortunately, this whole membership site thing has evolved and it gets better all the time. I don't think you will have a difficult time finding a "membership site in a box" solution that provides access restriction levels that meet your needs. You'll probably want to shop around to find one that has all of the video features you want and other things.
  • Steven Fullman
    Hi,

    You can certainly capture the IP address.

    You can also use a geo-location script, and capture the results.

    If you see the same user credentials being used from multiple states/countries within a suspiciously short period of time, you can then make an informed decision whether or not to disable the account.

    I would recommend monitoring all this stuff on the backend of your delivery funnel anyway if it's a potential problem for you (cost/bandwidth etc).

    I wouldn't try to enforce a strict IP address-only policy, though. People access the internet at home, at work, in hotels, in cafes, on their phone...everywhere these days.

    Steve
    Signature

    Not promoting right now
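
The check described in this post, worked through as an added example (not code from the thread or from any geolocation service): flag consecutive logins on one account whose locations imply impossible travel. The IP-to-location table, the 900 km/h threshold and the 50 km same-city cutoff are assumptions, and the sample logins are constructed.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumption: faster than an airliner means two different people

# Constructed table standing in for a geolocation lookup's answers
# (documentation-range IPs, approximate city coordinates).
GEO = {
    "192.0.2.10": ("US", 40.71, -74.01),    # New York
    "192.0.2.11": ("US", 40.73, -73.99),    # New York, second network
    "198.51.100.7": ("GB", 51.51, -0.13),   # London
}

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def suspicious_logins(events, geo=GEO, max_kmh=MAX_KMH):
    """Flag consecutive logins on one account that imply travel above max_kmh.

    events: (user, ip, ISO time). Returns (user, from, to, km, hours) tuples
    for a human to review, as the post suggests, rather than auto-disabling.
    """
    last, flagged = {}, []          # last: user -> (time, (lat, lon), country)
    for user, ip, ts in sorted(events, key=lambda e: e[2]):
        if ip not in geo:
            continue                # unknown location: no evidence either way
        when = datetime.fromisoformat(ts)
        country, lat, lon = geo[ip]
        if user in last:
            prev_when, prev_pos, prev_country = last[user]
            km = km_between(prev_pos, (lat, lon))
            hours = (when - prev_when).total_seconds() / 3600
            if km > 50 and km > max_kmh * hours:   # skip same-city hops
                flagged.append((user, prev_country, country, round(km), hours))
        last[user] = (when, (lat, lon), country)
    return flagged

EVENTS = [  # constructed sample logins
    ("dana", "192.0.2.10", "2024-05-01T08:00:00"),
    ("dana", "192.0.2.11", "2024-05-01T08:30:00"),
    ("dana", "198.51.100.7", "2024-05-01T10:00:00"),
    ("erin", "192.0.2.10", "2024-05-01T08:00:00"),
    ("erin", "198.51.100.7", "2024-05-02T09:00:00"),
]
```

Geolocation of an IP is approximate, and VPNs or mobile carriers can place a legitimate member far from where they are, which is why the result is a review list and not a ban list.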

    • Bill Farnham
      Originally Posted by beginner warrior View Post

      Also, make it very clear that your membership logins are tied to the IP address. You don't want someone thinking they can login "from anywhere in the world" when in fact they have to log-in from a specific IP address.

      OUCH! That would be the ultimate bummer and a good reason to ditch that membership.

      Steven is correct, you need to allow people the freedom to roam while they use your site.

      Originally Posted by Steven Fullman View Post

      I wouldn't try to enforce a strict IP address-only policy, though. People access the internet at home, at work, in hotels, in cafes, on their phone...everywhere these days.
      ~Bill
    • bob dorris
      Sounds good... any idea how I go about getting and using a geo-location script?
    • bob dorris
      Originally Posted by Steven Fullman View Post

      Hi,

      You can also use a geo-location script, and capture the results.

      If you see the same user credentials being used from multiple states/countries within a suspiciously short period of time, you can then make an informed decision whether or not to disable the account.

      That sounds good... any idea where I can get more information on getting that and using it?
      • Steven Fullman
        Originally Posted by bob dorris View Post

        That sounds good... any idea where I can get more information on getting that and using it?

        This is the one I use:

        Home :: IPInfoDB

        ...although not for the same purpose

        It's pretty accurate.

        Cheers,
        Steve
    • anthony2
      Originally Posted by Steven Fullman View Post

      Hi,

      You can certainly capture the IP address.

      You can also use a geo-location script, and capture the results.

      If you see the same user credentials being used from multiple states/countries within a suspiciously short period of time, you can then make an informed decision whether or not to disable the account.

      I would recommend monitoring all this stuff on the backend of your delivery funnel anyway if it's a potential problem for you (cost/bandwidth etc).

      I wouldn't try to enforce a strict IP address-only policy, though. People access the internet at home, at work, in hotels, in cafes, on their phone...everywhere these days.

      Steve

      I agree with Steven.

      If you enforce a strict IP address policy...I can see that
      being a huge HEADACHE and extra customer service.
      Someone may access your service outside of their home
      or they may have ISP problems and their IP address may
      get changed. You don't want dozens of people emailing you
      a day saying they can't login because their IP doesn't match.

      Also if you're worrying about bandwidth problems you can host
      your video websites with Amazon.
      Signature
      "I Leveled The Playing Field And Removed Every Roadblock
      To Helping You Make Maximum Profits In Minimum Time"
      • ASUService
        Originally Posted by anthony2 View Post

        I agree with Steven.

        If you enforce a strict IP address policy...I can see that
        being a huge HEADACHE and extra customer service.
        Someone may access your service outside of their home
        or they may have ISP problems and their IP address may
        get changed. You don't want dozens of people emailing you
        a day saying they can't login because their IP doesn't match.

        Also if you're worrying about bandwidth problems you can host
        your video websites with Amazon.

        Hi Gents,
        I do understand your concern ... very valid indeed.

        However, I can say that I set up several adult sites with the solution I mentioned each having in excess of 5000 subscribers. This issue you mentioned only came up a few times.

        Like espradley we did allow a set number to go without blocking ... I believe it was three per day. We noticed that when a true issue existed that the system would be hit many many times in a very short period of time. In our case several hundred could happen in a matter of minutes. Typically this meant that the login had been posted on a password sharing site.

        One last comment ... you can run yourself ragged trying to prevent this from happening but it's not going to make that much difference. If you have a popular site you will get broken into ... that's just the way it is. So do the best you can and roll with the changes as they occur.

        Just food for thought!
        Signature

        Best Regards,
        Mike Allton
        ASU Service, Inc.
        The LAST SMS Platform You'll Ever Need! Easy Money!

  • AverageGuy
    Log the IP, and kick other logs (using the same id/pw) out when a new IP comes in. Claim this clearly on site. Hopefully, paid users will not share the login.


    david
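
One way to implement the "kick out" rule from this post, as an added example rather than code from the thread: a server-side registry that the site consults on every request, so a login from a new address invalidates the sessions opened from the previous one. `SessionRegistry` and its method names are hypothetical, and the addresses are constructed.

```python
import secrets


class SessionRegistry:
    """Hypothetical in-memory store; a real site would keep this in its database."""

    def __init__(self):
        self.active = {}  # account -> {"ip": str, "tokens": set of session tokens}

    def login(self, account, ip):
        """Call after the password check succeeds. Returns the new session token."""
        entry = self.active.get(account)
        if entry is None or entry["ip"] != ip:
            # New address: drop every session opened from the previous one.
            entry = self.active[account] = {"ip": ip, "tokens": set()}
        token = secrets.token_urlsafe(32)
        entry["tokens"].add(token)
        return token

    def is_valid(self, account, token):
        """Call on every request; a kicked session fails here."""
        entry = self.active.get(account)
        return entry is not None and token in entry["tokens"]

    def logout(self, account, token):
        entry = self.active.get(account)
        if entry:
            entry["tokens"].discard(token)


def demo():
    """Constructed walk-through using documentation-range addresses."""
    reg = SessionRegistry()
    home = reg.login("alice", "192.0.2.10")
    tablet = reg.login("alice", "192.0.2.10")    # same address: both stay valid
    before = (reg.is_valid("alice", home), reg.is_valid("alice", tablet))
    shared = reg.login("alice", "203.0.113.5")   # new address takes over
    after = (reg.is_valid("alice", home), reg.is_valid("alice", tablet),
             reg.is_valid("alice", shared))
    return before, after
```

The deterrent is that whoever logged in last wins, so a paying member who shares the password keeps getting logged out by the people they shared it with.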
    • bob dorris
      Originally Posted by AverageGuy View Post

      Log the IP, and kick other logs (using the same id/pw) out when a new IP comes in. Claim this clearly on site. Hopefully, paid users will not share the login.


      david

      David, do you mean to kick others off the site when someone logs in at the same time with the same id/pw? Can you tell me where I can learn more about doing this?

      Thanks,
      Bob
  • If you have a script that can do so,

    Set the membership login to automatically lock you out if you log in from more than 2 or 3 IP addresses in a single day.

    I'm a member of a membership site that does that

    I think that they're using Amember
  • ASUService
    http://www.monster-submit.com/sentry/
    http://www.pennywize.com/

    ... don't know anything about any of them or the scripts so use due diligence.

    An article covering additional options ...
    http://www.newmedias.co.uk/your-minder/prevent-password-theft/

    If you have a concern about this don't forget about brute force attacks. A good hacker can actually guess a user/pass combo faster than some can share the login with others.

    Moving on ...

    Way back in the day I had a script that did just as Illumination outlined. It might have been Amember but I'm not positive. I'll check my archives for it but it may be too old to work in today's hosting environment. I'll come back and let you know if/when I find it.

    In the meantime how about finding out if you actually have a problem by putting something like this at the top of the main member page.

    "Your IP of XXX.XXX.XXX.XXX has been recorded. We have installed a login monitor system that detects the number of users logging in from different IPs using the same user/pass combination. If your login info is found to be used from several IPs your membership will be automatically terminated with no refund of monies paid."

    You then can use a number of scripts that display the user's IP to fill in the XXX.XXX.XXX.XXX with their actual IP.

    In PHP it's pretty easy ...

    IP Address- PHP Tutorials- Depiction


    Then check your logs every now and then to see if you need to actually go beyond the bluff.

    PM me if you would like/need some help with this. It's been a while but I'm sure I have something left from when I did work for adult site webmasters.
  • tryinhere
    Would not a simple free forum script / ? SMF handle all of this stuff, as it would give private user group based permissions and handle all of the IP address stuff, or am I in the wrong car park?
    Signature
    | > Choosing to go off the grid for a while to focus on family, work and life in general. Have a great 2020 < |
    • bob dorris
      Thank you everyone for the suggestions. Mike, the links and recommendations you provided were exactly what I was looking for. Thanks for the thoughtful response.

      Best,
      Bob
  • ASUService
    You're welcome Bob ... Glad you found that info useful.
    • espradley
      I've actually got a client who has me doing this now.

      IP Address checking can be tricky because it involves banning your customers for something that could be legit.

      Here is the plan that we came up with. She is using DLGuard...

      We monitor the IP addresses and record how many attempts per account have been used. The default is two. If they reach three, they are locked out with a message and she is notified. She can then unlock the account.

      We are putting a splash page after login, which contains personal information and the ability to change the password. This helps deter people from passing out their password. This page will also have a notice that we are tracking based on IP and that if you have more than two you will be banned. Then a button that says "I understand these terms" is necessary to click past this page.

      She also sometimes sells packages where they need more than two IPs, so the backend system allows her to specify how many IPs each account is allowed and overrides the standard 2.

      Let me know if you're interested in having something similar written for you. Just send me a PM. I can work out the GEO Location stuff too....
      Signature

      Eddie Spradley
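
The plan in this post (and the "2 or 3 IP addresses in a single day" lockout mentioned earlier in the thread), sketched as an added example that is not DLGuard's, aMember's or the poster's code: count distinct IPs per account, lock on exceeding the limit, notify the owner, and honour per-account overrides. The class name, the rolling one-day window and the sample events are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DEFAULT_IP_LIMIT = 2        # the post's default: two IPs pass, a third locks
WINDOW = timedelta(days=1)  # assumption: addresses are counted per rolling day

class IpLimitMonitor:
    """Hypothetical helper; not DLGuard's or aMember's own code."""

    def __init__(self, overrides=None):
        self.overrides = overrides or {}  # account -> allowed IP count
        self.seen = defaultdict(dict)     # account -> {ip: last seen}
        self.locked = set()
        self.notifications = []           # stands in for e-mailing the owner

    def login(self, account, ip, when):
        """Return True if the login may proceed, False if the account is locked."""
        if account in self.locked:
            return False
        ips = self.seen[account]
        # Forget addresses unused for a full window (e.g. an old ISP lease).
        for old in [a for a, t in ips.items() if when - t > WINDOW]:
            del ips[old]
        ips[ip] = when
        if len(ips) > self.overrides.get(account, DEFAULT_IP_LIMIT):
            self.locked.add(account)
            self.notifications.append((account, sorted(ips)))
            return False
        return True

    def unlock(self, account):
        self.locked.discard(account)      # owner action: clear lock, count afresh
        self.seen.pop(account, None)

def replay(events, overrides=None):
    """Run (account, ip, ISO time) events through a fresh monitor."""
    mon = IpLimitMonitor(overrides)
    return mon, [mon.login(a, ip, datetime.fromisoformat(t)) for a, ip, t in events]

EVENTS = [  # constructed sample data, documentation-range addresses
    ("alice", "192.0.2.10", "2024-05-01T08:00:00"),
    ("alice", "198.51.100.7", "2024-05-01T12:30:00"),
    ("alice", "203.0.113.5", "2024-05-01T12:45:00"),
    ("alice", "192.0.2.10", "2024-05-01T13:00:00"),
    ("team", "192.0.2.20", "2024-05-01T09:00:00"),
    ("team", "198.51.100.8", "2024-05-01T09:05:00"),
    ("team", "203.0.113.9", "2024-05-01T09:10:00"),
]
```

Replaying `EVENTS` with `overrides={"team": 3}` locks `alice` on her third address while the multi-seat `team` account passes; without the override both accounts lock.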

  • alexwong
    You can consider checking LoginEye out!

    They are a third party security solution that enables businesses to identify login sharing behaviour and prevent it.

    If none of the above methods works for you, why don't you get yourself a free trial from them?