How to prevent piracy and shared accounts?

We are talking about an app with paid access only. How do we avoid access being shared?

Could use 2-factor authentication via SMS or email when they log in.

Terms and conditions with a penalty such as account suspension might discourage them too.

Well, even Netflix could not prevent it. There is not much you can do, only 2FA via SMS, but even then USER A could pass the code to USER B for login.

Yes, sure. I meant to limit, not totally eliminate. 2FA seems like a decent solution.

In addition, you could also implement something like a session counter - a property in the Users collection. You can increase it by 1 after login (for a logged-in user, better on a separate screen), and decrease it by 1 right before logout.

For native apps (where the user, as far as I know, stays logged in), having a session counter >1 means that something unusual is happening with this user account, and based on this indication you can implement some measures.

Such things should be implemented with care - I once blocked myself out of the app :grin:

For webapps it won’t work - there is a frequent glitch with users being auto-logged-out after the app is closed, so the counter doesn’t make any sense. Hope this glitch doesn’t exist in native apps :slight_smile:
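
The session-counter idea from the post above, as an added example that is not part of the thread. It goes beyond the plain +1/-1 counter by tracking each session's last-seen time, so a session that ends without a logout (the auto-logout glitch and the self-lockout mentioned above) expires on its own. `SessionTracker`, `TTL_SECONDS`, `MAX_SESSIONS` and the sample timeline are hypothetical.

```python
# Added example: all names (SessionTracker, TTL_SECONDS, MAX_SESSIONS) are hypothetical.
from collections import defaultdict

TTL_SECONDS = 15 * 60   # assumed: a session with no activity for 15 min counts as gone
MAX_SESSIONS = 1        # assumed policy: one concurrent session per paid account


class SessionTracker:
    """Counts live sessions per user from last-seen times instead of a raw +1/-1 counter."""

    def __init__(self, ttl=TTL_SECONDS, max_sessions=MAX_SESSIONS):
        self.ttl = ttl
        self.max_sessions = max_sessions
        self._seen = defaultdict(dict)  # user_id -> {session_id: last_seen_epoch}

    def touch(self, user_id, session_id, now):
        """Call on login and on every authenticated request (heartbeat)."""
        self._seen[user_id][session_id] = now

    def logout(self, user_id, session_id):
        """Explicit logout; safe to call twice or for an unknown session."""
        self._seen[user_id].pop(session_id, None)

    def active_count(self, user_id, now):
        """Drop sessions that expired without a logout, then count the rest."""
        sessions = self._seen[user_id]
        for sid in [s for s, t in sessions.items() if now - t > self.ttl]:
            del sessions[sid]
        return len(sessions)

    def looks_shared(self, user_id, now):
        """True when more sessions are live than the policy allows."""
        return self.active_count(user_id, now) > self.max_sessions


def demo():
    t = SessionTracker()
    # Constructed timeline, times in seconds.
    t.touch("alice", "phone", now=0)
    t.touch("alice", "laptop", now=60)          # second device while the first is live
    overlapping = t.looks_shared("alice", now=120)
    # App closed without logout: the phone session simply stops sending heartbeats.
    t.touch("alice", "laptop", now=1000)
    after_expiry = t.looks_shared("alice", now=1000)
    return overlapping, after_expiry


if __name__ == "__main__":
    print(demo())
```

Treat a `looks_shared` result as a signal for review or a re-authentication prompt rather than an automatic block, since a single user switching devices within the TTL will also trigger it.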

