Best way to stop a single person from creating multiple accounts

I'm creating a game currently and I want to limit on开发者_JS百科e account per person. I have a lot of families that want to play and I can't think of a way to decipher families from cheaters.

The way I'm planning on doing it currently is checking cookies and sessions to see if any are set on that computer if they are then I know someone has already played from that account. Than I will check their IP against the IP's I have stored in my database (I am storing the registration IP for each account as well as the last IP they logged in from). If they don't match any of those I than check the Email they have signed up with and checked to make sure that email isn't already used.

My problem is that while this may stop cheaters it is also stopping families who have a single computer.

Does anyone have any suggestions or from experience what you have done?

Thanks in advance,

Jeff

Honestly, my advice is to simply not worry about it. Build the application in such a way that this type of behavior doesn't completely corrupt the system.

I have an iPhone game out there that could potentially suffer from the multiple accounts issue. In the end, I had to come to the realization that people will use software how they want. If you want to crack CS4, you will. Rather than focusing on restricting this type of behavior, design the app in such a way that it doesn't really matter.

Good luck!

Some thoughts

There is no guarantee that an IP address corresponds to one person. Somtimes an entire village is seen from a single IP address. Also a usual internet connection has a dynamic IP address that can change any time.

Conclusion: Diffrentiating users by IP addresses is useless.

You may try to filter the multi-account players by checking for suspicious activities, but that may also not be of much help, since it would be hard to distinguish friends just playing together from real cheaters.

All in all, this is a problem to which no effective solution exists.

By the way, some games (for example EVE Online) encourage people having multiple accounts. Maybe you shouldn't worry about it either.

You could check two way authentication/ One time password. Such as sending an sms to their phone for a confirmation code. One phone number per person.

There is no fully automatic solution that can distinguish between two people sharing the same computer (and perhaps even the same user account on that computer) and a single person who is using two accounts.

I suggest instead logging as much as you can*, for example the user name, IP addresses and actions for each user and then running scripts to detect suspicious behaviour. You may also want to have moderators that report suspicious behaviour. If you do detect suspicious behaviour then take appropriate action.

For example let's say two accounts from the same IP address (or even from different IP addresses) play against each other for 16 hours every day and the one player always lets the other one win with the maximum possible score. You can search the logs for users that have particularly extreme statistics then you can take a closer look at the specific logs for these players and try to work out using some common sense whether it is cheating or if could be genuine play between a strong and a weak player who are in the same family. If you see obvious cheating, send a mail to them and warn them about the rules of the site. If a warning is not enough, you could for example revoke the players winnings in the games where they cheated meaning that they just wasted their time.

*Warning - logging of personal information is restricted in many countries.

I have worked support for a company for many years. The amount of multiple accounts have sky rocketed. This will especially happen if you are giving free play meaning a trial or bonuses to try the site out. With that being said people have found various ways to get around being caught. They have temporary email sites now that take only seconds to make an account and after you click the verification email you can quickly delete everything and make another. Most multiple account makers need at least one thing that they use all the time to make sign in easier. The password. I do a password search and just two days ago I found one customer had made 83 accounts. Needless to say I had to go through each one and disabled them all. I have thought a long time as to how to control or stop it all together. The only thing I can think of is phone verification. A customer makes an account. They get a pop up that a representative will be calling to verify their information. I would be happy to do the calling because it sure would be a lot less work than constantly searching for multiple accounts. Of course this won't stop it all together because some people have several phones but it will be so much less than verifying with millions of faked email addresses. I came on here hoping to find a better solution. It is not my company and any added expenses such as software is out of the question. Thanks for reading and I hope that maybe this will help someone.