Google Answers: Prevent sharing login information

View Question

Q: Prevent sharing login information ( No Answer, 3 Comments )

Question

Subject: Prevent sharing login information
Category: Computers > Security
Asked by: riskmaster-ga
List Price: $10.00

Posted: 24 May 2006 10:23 PDT
Expires: 23 Jun 2006 10:23 PDT
Question ID: 732033

What are some solutions for only letting specific users log into a
website? In other words, how do I prevent people from sharing
username/passwords?

So far, these are what I've considered:

1. IP security - Restrict access to website by IP address. To do this,
each username has an IP address or set/range of IP addresses
associated with it. When user logs in, the site checks the username
with the IP address(es) stored. If matched, let through. If user's IP
address changes, inform admin. That would work with static IPs. For
users with dynamic IPs, allow IP's for a certain region/hostname for
that user. If the dynamic IPs vary significantly, then if user can be
trusted, then make an exception for that user.  Any other thoughts?

2. Multiple login security - Prevent multiple, concurrent logins. When
a multiple login is attempted, it is reported.

3. Is there a solution with using cookies? If so, how?  In my case,
users will usually use the same computer because the computer is
connected to a large device that works with the website.

Others I haven't considered?

Am I on the right track?

Thanks for any advice.

Clarification of Question by riskmaster-ga on 24 May 2006 10:25 PDT
Of course, I would implement #2 in addition to other measures.

Answer

There is no answer at this time.

Comments

Subject: Re: Prevent sharing login information
From: mosko-ga on 26 May 2006 06:15 PDT

hi,
in order to indetify a user you can use 3 type of tests.
something you are (fingerprint ...)
something you have (smart card, computer IP, etc)
something you know (password, ...)

the problme is that to test something you are you must have special hardware,
to test something you have cost money or easy to fake (IP address)
you think about it.

Subject: Re: Prevent sharing login information
From: bcattwood-ga on 26 May 2006 08:50 PDT

4. Set policy that if users are caught sharing their password, harsh
consequences will ensue, i.e. termination of employment,
restricted/denied access to said website, whatever is appropriate for
the situation.

Subject: Re: Prevent sharing login information
From: jbee-ga on 28 May 2006 18:37 PDT

I'm not sure what the purpose of your website is, but if you are in
contact with your clients regularly then you could issue them new
passwords each week via email or phone, making it difficult for them
to share with many people.

Imposing an IP restriction may be more of a nuisance than it's worth,
simply monitoring who is using which account/password from what IP
should be enough to see if anything strange is going on.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy