Hi: I think avoid password sharing prevention is very important.
One report that is missing is a simple list like this:
[User Name] [Email] [IP Addresses]
Mike aaa@aaa.com 15
Peter bbb@bbb.com 1
This could help to find fast people who is sharing passwords.
In the example you can see Mike entering from 15 different IPs, so he is clearly sharing password.
Another option could be to let export the LogIn Reports to a txt file so it coul be imported and analized in MS Excel.
What do you think?
Rolo,
A summary would probably do good as well as the export to a file.
You can do a search on a username, then sort it by IP to get a little better glance at things.
The IP max # setting in setup options also will flag and inactivate an account that goes over that setting.
Rolo,
A summary would probably do good as well as the export to a file.
You can do a search on a username, then sort it by IP to get a little better glance at things.
The IP max # setting in setup options also will flag and inactivate an account that goes over that setting.
Good!, the Max Unique IP Addresses allowed is a very good control !
But settings says: "Set the number of unique IP addresses a single login can use within a 24 hour period. If exceeded account is set to inactive, administrator notified by e-mail".
Why is a 24 hr period? What happen if user shares password with 7 friends and each one use the password on a different week day?
User 1: enters on monday
User 2: enters on tuesday
and so on...
I think Max Unique IP Addresses allowed would be with no time period.
I mean, I want that User X login only from 1 or 2 IP forever, not only 24 hour period.
I am confused on something?
Thanks a lot for your support
Well - not everyone has a static IP. Some people are actually still on dialup where they get a different IP every time they sign in. Some high speed subscribers get a new IP every time they turn their modem off and on. Some companies such as comcast give you a new IP weekly.
So this could cause a huge problem with logins that are really not abusing you or trying to. They get sent an account inactivated e-mail because their IP changed which is not in their control. You end up with upset users / customers / clients.
Just to clarify....
The IP count check is per 24 hours. It inactivates their account for good if max IP # is reached until you review it and either re-activate, delete, or just leave inactivated.
It does not just inactivate the account for 24 hours.