"Approving" the users machine like Online Banking websites do
I need to find a solution to prevent users from sharing their login info, since my new project is based on paid membership. To that effect I need to identify a user's browser or machine to make sure they are the original registrant.
Commerce Bank, Bank of America, etc. all use some kind of "fingerprinting" to mark my browser as "approved" to use their website. If I try to login from another machine or a browser, they ask me to prove to them that I have the right to login into their website as the user I claim to be.
How do they do this? I think their solution could work for me. How would I go about implementing it on a C5 site? Any ideas?
Thanks in advance!
If not, they give the user a hard time answering questions to prove who they are.
This all has to be weighed against convenience for users. While we usually appreciate the security of getting the third degree from our banks, for other sites such extreme security is less tolerated and may even be castigated as an invasion of privacy.
Any ideas are welcome!
I don't know of any other sites that have such protection, though I'm sure there are.
Most membership sites simply expect a certain level of "noise" -- users using registered users credentials. And, in a lot of cases, it gives people the ability to "test-drive" the site, and allows them to create a membership.
The more you can customize the features of a site to specific users, the less likely people will want to share their credentials, and the less likely outside users will find it of value.
Just some thoughts. An awful lot of membership sites function quite well without that kind of protection.