this post was submitted on 13 Nov 2023
1 points (100.0% liked)

Entrepreneur


Hey there! I own a few SaaS companies and we have been trying to figure out ways to prevent account sharing, and I'm curious to know how you do it.

The current way: if a user is logged in, and another session is signed in as the same user, the first user that was signed in is kicked from the session.

But we are trying to fully combat it, because the loophole here is the second person simply asking if the first person is active on their session, and they can still share an account. We do per-user, per-month pricing, so we find that a decent amount of people would try to pay less by just sharing an account.

Thanks in advance for your advice and insight!
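Added example, not part of the original post and not the poster's code: a minimal sketch of the "newest login kicks the older session" policy described above, which also counts how often one device displaces another on the same seat. The class name, the `device_id` value (for instance a long-lived device cookie) and the in-memory storage are assumptions made for illustration.

```python
import secrets
from collections import defaultdict


class SingleSessionStore:
    """Keeps one active session per account; a new login evicts the old one."""

    def __init__(self):
        self._active = {}                     # account -> (token, device_id)
        self._takeovers = defaultdict(list)   # account -> [timestamps]

    def login(self, account, device_id, now):
        """Issue a fresh token and invalidate whatever session existed before."""
        previous = self._active.get(account)
        # Record a takeover only when a different device displaces a live session.
        if previous is not None and previous[1] != device_id:
            self._takeovers[account].append(now)
        token = secrets.token_urlsafe(32)
        self._active[account] = (token, device_id)
        return token

    def is_valid(self, account, token):
        """True only for the most recently issued token of the account."""
        current = self._active.get(account)
        return current is not None and secrets.compare_digest(current[0], token)

    def takeovers_since(self, account, since):
        """Count device-to-device evictions at or after `since` (seconds)."""
        return sum(1 for ts in self._takeovers[account] if ts >= since)


if __name__ == "__main__":
    # Constructed sample: two devices alternating on one seat.
    store = SingleSessionStore()
    first = store.login("seat-1", "device-A", now=0)
    second = store.login("seat-1", "device-B", now=600)
    print(store.is_valid("seat-1", first), store.is_valid("seat-1", second))
    store.login("seat-1", "device-A", now=1200)
    print(store.takeovers_since("seat-1", since=0))
```

A single person moving between a laptop and a phone produces the same takeovers, so the count shows how often evictions happen on a seat rather than proving that the seat is shared.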

top 5 comments
[–] adamtzag_cpa_flowcog@alien.top 1 points 10 months ago (2 children)

You could require 2FA to log in, and then the folks sharing accounts would need to be in the same location. Solves the problem for new users going forward but wouldn't necessarily solve it for our users that are already logged in.

More importantly, is this really that big of an issue? In other words, is this even a problem worth solving because you're missing out on so much additional revenue, or is this a once in a blue moon type of problem?

[–] Silentkindfromsauna@alien.top 1 points 10 months ago

I have to agree with this. Sounds like a trivial issue right now; you should be spending this time on getting more new customers instead of trying to convert people from the rare few customers that are gaming the system. This is even assuming they would convert to paying customers instead of just stopping using your product.

[–] Gaboik@alien.top 1 points 10 months ago

Just worth noting that this would pretty much only work if the OTP is sent via SMS; no other 2FA flow would solve the issue, be it email or with a TOTP QR code or wtv.

[–] DueSignificance2628@alien.top 1 points 10 months ago (1 children)

If this is widespread, it may be time to change your pricing model, like instead of per-user, some other measure like number of projects set up or whatever is an appropriate usage-based measure.

[–] murenzi_company@alien.top 1 points 10 months ago

You might be right here. Something that can't be loopholed. Thanks for the advice!!