Help request: Prevent duplicate accounts

denzil

New Member
Messages
134
Reaction score
3
Points
0
Hey guys. I know there is no perfect solution for this, but I'd like to hear what the best solution is to my problem. The website I am working on requires that user's do not have duplicate accounts. This is very important to me as it could be beneficial to certain users if they have more than one account (which will be against my website's rules).

What would the best way be to prevent users from making duplicate accounts and how effective would this method be?

Currently I'm thinking of doing a simple IP check but I'm not 100% on internet IPs. Are they always static for a certain user?

Any ideas?

*btw I've got mybb forums integrated with my website. I know there is an IP check which limits number of accounts created per day per IP.
 
Last edited:

cybrax

Community Advocate
Community Support
Messages
764
Reaction score
27
Points
0
IP address is seldom static for users. You have to uniquely identify the visitors web browser, so after they have registered they get a 'cookie' from your server to keep as identification.

Regular cookies are a good starting point for identifying a visitors web browser / account, but these are easily deleted. Then there is 'super cookie' aka client side storage, the only way to clear data stored here is a full cache clear of the browser. I should mention there is a more hardcore cookie tagging system known as Ever Cookie difficult (if not imposibble) to remove without some third party help. However it's about as close as you can get to being malware and still be legal. Few sites using it so far but expect that to change.

One account per email address is another commonly used safeguard that is fairly straightforward to implement as a check during registration.
People are also predictable and somebody with multiple accounts will often number them...eg denzilb22 , denzilb23, denzilb36 and so on and this can be spotted by creative server side scripting.

History tracking has also been used succesfully to identify previous site visits though its days are numbered, the current script no longer works for IE9, wether a new method will become apparent is anybodies guess. Again this can be defeated by clearing the history cache of a browser.

By far the best system for detecting mutiple accounts are the forum moderators, peoples writing style seldom changes and a good mod can spot when somebody posts under a different name. It could probably be done using fancy mathamatics but 'gut' instinct is often quicker.
 
Top