What are some solutions for only letting specific users log into a
website? In other words, how do I prevent people from sharing
username/passwords?
So far, these are what I've considered:
1. IP security - Restrict access to website by IP address. To do this,
each username has an IP address or set/range of IP addresses
associated with it. When user logs in, the site checks the username
with the IP address(es) stored. If matched, let through. If user's IP
address changes, inform admin. That would work with static IPs. For
users with dynamic IPs, allow IP's for a certain region/hostname for
that user. If the dynamic IPs vary significantly, then if user can be
trusted, then make an exception for that user. Any other thoughts?
2. Multiple login security - Prevent multiple, concurrent logins. When
a multiple login is attempted, it is reported.
3. Is there a solution with using cookies? If so, how? In my case,
users will usually use the same computer because the computer is
connected to a large device that works with the website.
Others I haven't considered?
Am I on the right track?
Thanks for any advice. |