This is something that's been taxing me for a while. I know for a fact that many users of a Joomla subscription site I manage are sharing passwords. The issue is, I don't know who. I'm looking for advice on how this could be approached.
We use aMember subscriptions on the site and that software has a feature to log IP addresses over a given period and notify/lock accounts if >n IPs are logged in a given period.
The problem with this approach is that IP addresses are constantly changing - users on broadband connections seem to have them reset regularly and users also use fixed-line broadband as well as mobile 3G connections.
The upshot of all this is that sharing protection based on IP address does not work as it's impossible to tell if it's multiple users across multiple computers or simply one computer/user legitimately accessing via different networks.
Are there any other options?
I'm looking at how banks do their online security but see that it puts up a lot of barriers. They use Java a lot to set/access cookies or physical machine characteristics, often in conjunction with key cards and the like.
Anyone have any thoughts on how to beef up account sharing protection without putting too many barriers in the way of end users?
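
The "more than n IPs in a given period" rule described in the question, as an added example that is not part of the original post and is not aMember's code: it counts distinct source addresses per account in a sliding window and shows one roaming subscriber and one shared account producing the same result. The log format, account names, addresses, window and threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, account, source IP (RFC 5737 ranges).
# alice is ONE person: home broadband whose IP resets, plus a 3G phone.
# bob is an account shared between several people. carol never moves.
SAMPLE_LOG = """\
2024-03-01T07:10 alice 192.0.2.10
2024-03-01T08:45 alice 198.51.100.7
2024-03-01T12:30 alice 198.51.100.93
2024-03-01T19:05 alice 192.0.2.44
2024-03-01T09:00 bob 203.0.113.5
2024-03-01T09:20 bob 203.0.113.80
2024-03-01T13:15 bob 192.0.2.201
2024-03-01T21:40 bob 198.51.100.150
2024-03-01T10:00 carol 192.0.2.77
2024-03-02T10:00 carol 192.0.2.77
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, ip = line.split()
        events.append((datetime.fromisoformat(ts), account, ip))
    return events

def max_distinct_ips(events, window):
    """Per account, the largest number of distinct IPs seen in any window."""
    by_account = defaultdict(list)
    for ts, account, ip in sorted(events):
        by_account[account].append((ts, ip))
    result = {}
    for account, logins in by_account.items():
        best, start = 0, 0
        for end in range(len(logins)):
            while logins[end][0] - logins[start][0] > window:
                start += 1  # drop logins that fell out of the window
            best = max(best, len({ip for _, ip in logins[start:end + 1]}))
        result[account] = best
    return result

def flag_accounts(events, window=timedelta(hours=24), max_ips=3):
    """Accounts exceeding max_ips distinct addresses within the window."""
    counts = max_distinct_ips(events, window)
    return sorted(a for a, n in counts.items() if n > max_ips)

if __name__ == "__main__":
    print(flag_accounts(parse(SAMPLE_LOG)))
```

Both alice and bob are flagged with identical counts, so the IP count alone gives the rule nothing to separate them; raising the threshold to 4 clears both at once.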