Entrepreneur

0 readers

1 users here now

Rules

No Personal Attacks - criticism of ideas is allowed, attacking people is not.
Self Posts Only - links can only provide supplementary material. Your post must contain enough content to have a discussion.
No “How To Get Rich Quick” posts - This community is not about making a quick buck. Posts asking the community how to make $X, without making specific reference to a reasonable idea, are not tolerated.
Avoid unprofessional communication - Please treat fellow entrepreneurs like respected coworkers, label conversations if NSFW and avoid deliberate provocations.

Please feel free to provide evidence-based best practices, share a micro-victory, discuss strategy and concepts with a frame work, ask for feedback, and create professional conversation. Treat every post as if you're at work and representing the best version of yourself.

founded 1 year ago

MODERATORS

communick@indiehackers.space

Ways to prevent account sharing in a SaaS? (alien.top)

submitted 1 year ago by murenzi_company@alien.top to c/entrepreneur@indiehackers.space

5 comments fedilink hide all child comments

Hey there! I own a few SaaS companies and we have been trying to figure out ways to prevent account sharing and curious to know how you do it?

The current way: if a user is logged in, and another session is signed in the same user, the first user that was signed in is kicked from the session.

But- we are trying to fully combat it because the loop hole here is the second person simply asking if the first person is active on their session and they can still share an account. We do per user per month pricing so we find that a decent amount of people would try to pay less by just sharing an account.

Thanks in advance for your advice and insight!

you are viewing a single comment's thread
view the rest of the comments

[–] adamtzag_cpa_flowcog@alien.top 1 points 1 year ago (2 children)

You could require 2FA to login, and then the folks sharing accounts would need to be in the same location. Solves the problem for new users going forward but wouldn't necessarily solve it for our users that are already logged in.

More importantly, is this really that big of an issue? In other words, is this even a problem worth solving because you're missing out on so much additional revenue, or is this a once in a blue moon type of problem?

[–] Gaboik@alien.top 1 points 1 year ago

Just worth noting that this would pretty much only work if the OTP is sent via SMS, no other 2FA flow would solve the issue Beit email or with a TOTP QR code or wtv

load more comments (1 replies)