I'm creating a game currently and I want to limit one account per person. I have a lot of families that want to play and I can't think of a way to decipher families from cheaters.
The way I'm planning on doing it currently is checking cookies and sessions to see if any are set on that computer; if they are, then I know someone has already played from that account. Then I will check their IP against the IPs I have stored in my database (I am storing the registration IP for each account as well as the last IP they logged in from). If they don't match any of those, I then check the email they have signed up with and check to make sure that email isn't already used.
My problem is that while this may stop cheaters it is also stopping families who have a single computer.
Does anyone have any suggestions or from experience what you have done?
Thanks in advance,
Jeff
Some thoughts
There is no guarantee that an IP address corresponds to one person. Sometimes an entire village is seen from a single IP address. Also a usual internet connection has a dynamic IP address that can change any time.
Conclusion: Differentiating users by IP addresses is useless.
You may try to filter the multi-account players by checking for suspicious activities, but that may also not be of much help, since it would be hard to distinguish friends just playing together from real cheaters.
All in all, this is a problem to which no effective solution exists.
By the way, some games (for example EVE Online) encourage people having multiple accounts. Maybe you shouldn't worry about it either.
Honestly, my advice is to simply not worry about it. Build the application in such a way that this type of behavior doesn't completely corrupt the system.
I have an iPhone game out there that could potentially suffer from the multiple accounts issue. In the end, I had to come to the realization that people will use software how they want. If you want to crack CS4, you will. Rather than focusing on restricting this type of behavior, design the app in such a way that it doesn't really matter.
Good luck!
You could check two-way authentication / one-time password, such as sending an SMS to their phone for a confirmation code. One phone number per person.
There is no fully automatic solution that can distinguish between two people sharing the same computer (and perhaps even the same user account on that computer) and a single person who is using two accounts.
I suggest instead logging as much as you can*, for example the user name, IP addresses and actions for each user and then running scripts to detect suspicious behaviour. You may also want to have moderators that report suspicious behaviour. If you do detect suspicious behaviour then take appropriate action.
For example, let's say two accounts from the same IP address (or even from different IP addresses) play against each other for 16 hours every day and the one player always lets the other one win with the maximum possible score. You can search the logs for users that have particularly extreme statistics; then you can take a closer look at the specific logs for these players and try to work out, using some common sense, whether it is cheating or if it could be genuine play between a strong and a weak player who are in the same family. If you see obvious cheating, send a mail to them and warn them about the rules of the site. If a warning is not enough, you could, for example, revoke the player's winnings in the games where they cheated, meaning that they just wasted their time.
*Warning - logging of personal information is restricted in many countries.
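The log-scanning approach from the last answer, as an added example that is not part of the original thread: it flags account pairs where one side wins almost every game and the losing account plays almost nobody else, and reports a shared IP only as a hint for the moderator. The record fields, thresholds, function names and sample data are assumptions made up for this sketch.

```python
from collections import Counter

def suspicious_pairs(matches, min_games=20, min_win_share=0.95, min_focus=0.8):
    """Return account pairs worth a manual look (hypothetical log schema).

    matches: iterable of dicts with keys winner, loser, winner_ip, loser_ip.
    A pair is flagged when it played at least min_games together, one side
    won at least min_win_share of them, and those games are at least
    min_focus of everything the losing account ever played (a feeder account).
    """
    wins = Counter()     # (winner, loser) -> games won by winner
    total = Counter()    # account -> games played overall
    same_ip = set()      # pairs seen at least once on one IP address
    for m in matches:
        w, l = m["winner"], m["loser"]
        wins[(w, l)] += 1
        total[w] += 1
        total[l] += 1
        if m["winner_ip"] == m["loser_ip"]:
            same_ip.add(frozenset((w, l)))

    flagged = []
    for (w, l), won in wins.items():
        games = won + wins.get((l, w), 0)
        if games < min_games or won / games < min_win_share:
            continue                      # too few games, or results look contested
        if games / total[l] < min_focus:
            continue                      # loser also plays other people
        flagged.append({"winner": w, "loser": l, "games": games,
                        "win_share": round(won / games, 2),
                        # a shared IP is only a hint: families share one too
                        "shared_ip": frozenset((w, l)) in same_ip})
    return sorted(flagged, key=lambda f: -f["games"])

def sample_matches():
    # Constructed sample log: "alice" farms wins from "alt_01", while
    # "bob" and "carol" share an IP (one household) and trade wins evenly.
    rows = [{"winner": "alice", "loser": "alt_01",
             "winner_ip": "192.0.2.10", "loser_ip": "192.0.2.10"}] * 30
    for i in range(30):
        w, l = ("bob", "carol") if i % 2 else ("carol", "bob")
        rows.append({"winner": w, "loser": l,
                     "winner_ip": "198.51.100.7", "loser_ip": "198.51.100.7"})
    return rows

if __name__ == "__main__":
    for pair in suspicious_pairs(sample_matches()):
        print(pair)
```

The household pair shares an IP address but is not flagged, because the results between the two accounts are evenly split.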