Is the feature of preventing members from sharing their login with others available? (Some times this is happening - other people will not take membership - they are using their friend's credentials)

It would be great if login were user specific. OR only available on a few devices like netflix does.

I would like to be able to prevent or disable multiple logins from the same username & password. Unfortunately we have members sign up for one membership but have multiple people in the same office using that account. There should be a way to ensure that cannot happen or that we can offer individual or group memberships for multiple users like Netflix or Spotify.

This has been a big problem. Record so far is the same member having four different accounts - what was originally exported from QuickBooks, two accounts from different renewals, and registered forum user.

Hi,

I too am interested in having this feature added in future release of WA. Even a simple solution would be great.

Thanks,

Sunil

I too find this very important.

Actually a deal-breaker if we can't get this to work.

The ideal solution for us is that a single user can not log in twice at the same time. That, I believe, would solve our issues with this.

Thanks

I think we should consider the solution of the problem NOT from the point of immediate restrictions, but rather from reporting option for site admin.

Let me clarify.

* Each time member/admin logs in into the system, system records date/time, ID, IP address and browser information
* The log with this full logins history on per member basis and only for full site admins
* System also may summarize all logins and provide a likely number of different places where actual login may be performed (based on IP address, browser data, cookie, etc.)
* The summary is made per time period - like last month, last 3 months, last year, in total
* The summary also shows (based on IP) a likely location of log in
* Admin has a special report where he can look on all members from logins summary perspective and decided what her should do about suspicious members
* Admin has also an option somewhere in system setting if he wants the system to notify him as soon a member has new location within specific time period What do you think? This solution does not force all members to be blocked from login but rather gives admin a way to be notified or overview all suspicious members and contact them directly if required. Any comments are welcome.

I understand the concern if members are sharing accounts to avoid paying.

That concern does not impact us at all. It's just not an issue. This would be a major inconvienience for reasons previously sited. Also, I currently log in as a regular member and admin on the same machine so I can test my changes and see exactly what regular members will see. If I had access to a different machine (e.g. a Mac) I would login and test there as well.

If you do impliment this feature:

1. please make it optional

2. With IP tracking an issue, consider just kicking off current users when a new login under the same name occurs. Again, please make it optional

I can see I'm on a loser here. Others regarded it as a problem but have dropped out. If this cannot be addressed it is a major problem for anyone considering selling information via WA.

There seems little point in asking non-technical people what they want and then telling them why they cannot have it. How about saying the type of thing that is possible and going from there.

If the access is reported in a meaningful way at least you have some idea of what is going on. If you have say 50 accounts where access is consistently from one place and 2 that are consistently viewing the same material from numerous different sources you may have a problem and can then decide what to do about it. As it is I am completely in the dark.

In my case the material to be viewed is a course in graded steps 1 to 9. Each unique visitor has accessed all steps (Information via Google). The valid user would not do this.

One seller I browsed recently provided full access reporting and claimed a bot searches log files for signs of misuse. I am not suggesting WA does this, simply reporting what I have seen.

Actually identfying misuse is much harder. Google might be showing several unique visitors for many different reasons, e.g.:

- same person logged in from home/office

- same person using different browsers

- same person using some kind of cookie-blocking

- or different people using the same login.

We can not reliably distinguish these cases - neither can Google or anybody else.

This should not be regarded as a wish list request for an upgrade. This is a serious deficiency in the system whether or not loads of people are asking for it to be changed.

If you are using WA to sell information, which works well, then it is important to know who is accessing the information. It is no use simply being told that a user has logged in 30 times and yet not know that they did it from 5 different IP addresses.

You say...

[quote user="Chief_Apricot"]

I guess you are talking about tracking and limiting access by IP address. This is not really feasible due to NAT routers, dynamic IPs etc.

What I think should be doable is restricting access so that only one person can be logged in under the same member ID at any one time. What do you think of this?

[/quote]

Restricting to one person logged in at a time is not really useful. It does not overcome the problem.

Reporting user details in such a way as to identify misuse would at least enable me to use the suspend function if I wanted to. Is there any way for you to report with some certainty how many different people are using the account. It would seem Google are able to detect "unique visitors".

I would like to hear more from others - how important this issue is, what is desirable etc.

I would like to draw attention to this issue. My intention was to post in this section because it is a current issue. I replied to a post after doing a search and it was posted in the wish list section

I think it is time to address this issue again.

I now have a membership site thanks to WA. I'm pretty pleased with it and how it runs.

I've sold my first membership...the problem for me is that, as far as I can tell and after only a couple of days, 4 people are using it !

My WA system gives me no clue that this is happening and no way to prevent it.

I only know because I only have only one membership and I have Google Analytics installed.

GA tells me about the unique visitors to my pages.. First there was one, then there were 3, now there are 4.

I can understand the people who say they want any number of logins open. It appears to be for admin purposes...so that can be made a special case or have security on or off

I am not a technical person so I do not know what is possible, BUT the very least that should be done is to inform admin how many different addresses are logging in with the same ID.

I can see many valuable uses for WA. If this issue is not addressed "Members Only" pages is not one of them.Please do something about it.

I think it is time to address this issue again.

I now have a membership site thanks to WA. I'm pretty pleased with it and how it runs.

I've sold my first membership...the problem for me is that, as far as I can tell and after only a couple of days, 4 people are using it !

My WA system gives me no clue that this is happening and no way to prevent it.

I only know because I only have only one membership and I have Google Analytics installed.

GA tells me about the unique visitors to my pages.. First there was one, then there were 3, now there are 4.

I can understand the people who say they want any number of logins open. It appears to be for admin purposes...so that can be made a special case or have security on or off

I am not a technical person so I do not know what is possible, BUT the very least that should be done is to inform admin how many different addresses are logging in with the same ID.

I can see many valuable uses for WA. If this issue is not addressed "Members Only" pages is not one of them.

Please do something about it.

Like other posters, I often am logged into WA many times simultaneously. Once as an administrator with a web page edit in progress, once as an administrator so that I can view other pages for references (perhaps Page Mgmt), once as an administrator to perform ad hoc admin tasks for the club, and once as a member to view the website as a user. My productivity would go way down if I could only log in once.

Secondly, cutting off someone's access abruptly for the sin of a supposed security breach would upset people very quickly. What if they simply forgot they were still logged on in another window??

Do not take away the ability to log in simultaneously. Make it an option if you want to provide this security enhancement.

Fair enough, if by IP is too difficult then by ID sounds good to me.

That is more or less how my post started out...before I started editing! I was thinking in terms of a variable which specified the maximum number of logins for an account. It would have an Admin editable default of 1 at creation of the account but could be raised on any given account if required.

I guess you are talking about tracking and limiting access by IP address. This is not really feasible due to NAT routers, dynamic IPs etc.

What I think should be doable is restricting access so that only one person can be logged in under the same member ID at any one time. What do you think of this?

I intend using WA to provide information for a fee via membership and restricted access.

I really like what WA offers. More security would be very useful. The current situation is a real weakness. Multiple paid membership levels and the ability to restrict access is great - but then allow any number of people to login on one membership! It could potentially cost the provider a fortune and you would not even know it is happening.

How about having field "Number of login addresses" for each account.

It defaults to whatever you want to set it to (I would set it to one) but can be increased for your own purposes as expressed above or on request from valid users.

Each account could have fields for the top 5(?) addresses most used so you can see how an account is being used.

I understand your point I would tend to agree with you. Two ooptions build it in so that for admin people you could choose to have enhanced security active or not on an indvidual basis. Another work around is to have two (or more) member profiles so one could see the changes on another computer.

Even as a user I access things from multiple pc's. For example, this WA forum may very well be open on my primary pc as I'm writing here on someone else's pc . . .