Detecting double accounts

[Leverkusen]

How can i detect someone who is using proxy and has 2 or more accounts on my website?Or anyway, the important thing for me it is that they dont cheat because i have a competition and its forbidden to have 2 or more accounts.

[kicken]

For the most part you'll just need to do a bunch of logging of different things and then keep an eye on things manually. There isn't really any good automated method you could used.

[Jacques1]

Sorry, Leverkusen, but this is nonsense. And I think a web developer should understand the web well enough to realize this.

 

The “proxy detection” you have in mind doesn't work, locks out legitimate users and is simply nonsense. If your competition doesn't work on the Internet, then that's the problem. There's obviously an issue with the concept.

[Leverkusen]

How can i know if someone is using on my site 2 or more accounts?

What should i do exactly?

[fastsol]

Unfortunately there isn't going to be any foolproof way to make sure they aren't.  You can put multiple checks in place to check along the way to "try" and negate them from achieving 2 accounts but in the end all you may do is keep legitimate users from actually using the site too.

 

You can use a combination of cookies, sessions and registration verification checks to start with.  The problem is that people can just fake the registration checks by simply signing up a different email and verifying the email when you send them the "verifictaion email".  They can just change or delete the cookies you set and use multiple browsers to negate the session issue.

 

So again, there is no foolproof way to do it.  Just put as many checks in place that make sense without keeping legitimate users out.

[Jacques1]

Did you not read the replies? Two people just told you that you cannot do this.

 

What you should do is fix the concept of your competition so that it works on the Internet. Your current concept is obviously designed for an offline environment.

[Zane]

To automatically attempt to detect a double account creation would involve very complex algorithms that only a human being can utilize.

Pretty much, you'd need one person to an army of persons to check such variables (that noone can seem to identify).

The input you do get is pretty much useless, because the most you could do is compare a stored geolocation and/or an IP.

But that would only allow you to compare their stored IP, which would only keep the user form using a different IP.

The don't call it Dynamic Host Control Protocol for nothing, their IP will change at some point so you would have to capture the network address portion of the IP.

But what if the ISP changes their network address?

 

Now, you are at the mercy of how broad a client base this ISP has; the less the better.

Though still, this only limits you to that group of clients.

 

What is the population of that city?

What percent of the households of this population use the internet?

With a population 1,000, and an aforementioned percentage of 70, 

Compare this percentage with all users when they go to register an account

This could signal a flag to alert you.

Now you're at the mercy of making decisions, the human way.

 

If the comparison is true, you have to consider the likelihood of this user using a neighbor's computer with the same ISP and network address.

Though, seeing as IP's can be spoofed just contradicts that whole portion of security.

So what is the likelihood that you user base even knows how to spoof an IP?

What are their moral values?

Do you trust your user base?

That's what your "security" would involve.

 

The Honor System is the only chance you have.

Edited June 29, 2014 by Zane

[Leverkusen]

Thank you i really understand it now.

Hey Jacquet. How is it offline? Its live on my website? You cant access it if you dont have the internet?

[Strider64]

I used to run a bbs (bulletin board service who don't know what that is) and even then people could get double accounts. I once had the notion of only having one phone per account (Back then verification was done by bbs software actually calling back the user's computer), but thought that a household could have more than one person for that phone (I know you are thinking boy was I stupid, but remember I was only 13-16 at the time). The only way I can think of not having people creating double accounts is having a membership fee, but having run a bbs for a long time I know from past experience people are cheap and want everything for free.