Preventing multiple logins by the same member
Is there any way to prevent multiple login?
I would like to suggest security upgrade, at the moment the Wild Apricot software allows a member of a Wild Apricot website to login in with multi computers at the same time. This may not seem such a bad problem until you come across someone that pays for a single membership to a site and then passes his login details to his friends. The website whether a profit or non-profit is then losing revenue as there is no need for family or friends to also sign up for their own membership. It even gets worse if the user name and password is posted on a blog or other website. I know I am looking at the worst case here but I believe that security is always about preparing for the worst and then hoping it does not happen. Is there any way for a site owner to know if this is happening? (I am new to Wild Apricot)
My suggestion is that if someone logs in to his/her account and is already logged in on another computer then their account is suspended an email is then automatically generated and sent to the member (as well as the administrator) asking them to reset their password and inform them that there may have been a security breach or that they did not log out when they were on another computer. (Email generated could be edited by administrator and then decide who the email goes too) If this then continues too happen with a particular member then site administrators can decide what to do.
It could also have different levels so the first time it happens the member is asked to re-set their password the second time the account is suspended for 24 hours and then asked to reset their password. The third time their membership is suspended until an administrator re-activates it.
I am new to WA and would like to take the time to thank the WA Team for the help they have given me so far, so thank you for your help!!! You guys have a great system am loving what you can do with it, and the fact that you keep on developing the software.
Another example, I know I'm signed in on my home pc, as I've been working on putting in the custom urls . . . but I'm here with this pc and some time to kill, so I've also signed in here and am continuing working - signed into both pcs at the moment . . .
I sign in from several different pc's, depending on where I am. Preventing me from using multiple ip addresses would be a big bummer if it meant that I had to always access from one pc.
I also sign in on multiple browers at the same time often - to work as an administrator and check view as public/member.
Dmitry Buterin commented
Good point, makes sense.
Let's see how many other clients consider this important..
In any case, there is no way we can add this in the near future - too much other stuff already in the pipeline.