Article Contents Related Articles Tags
  • No tags found.
Was This Helpful? Last Updated
  • 2012/07/03

Login Abuse Detection

The program has a number of built-in features to prevent password sharing abuse.

Trackstat

Trackstat is a numerical representation of how likely the program believes a user is to be sharing passwords. The trackstat number for any user can be found from the "User Management Screen" within the administrative control panel. Look for the "Pwd Abuse" line on the right side of the management screen.

How It Works

Trackstat is an IP-based comparison system. It takes the Trackstat Logins option and compares the number of logins within that set that have unique IPs. More unique IPs means that the program can assume with a higher degree of confidence that the the user is sharing passwords. The exact sensitivity of the system is established by the Trackstat Rating option. So if Trackstat Rating is set to 20, the program will only allow 20% of IPs to be unique before it triggers the action set up within the Trackstat Action option. Hence why a lower value in that option means a stricter system.

Trackstat Number

The trackstat number is based on the settings you establish within the program settings (see section below).

Trackstat Settings

The following settings are established from the program settings (Settings » Login Options).

SettingPurpose
Use Trackstat?Whether you wish to use the system.
Trackstat RatingRepresents the percent of unique IPs allowed by the system before it considers the possibility of password sharing. A lower value means that the the program will be stricter.
Trackstat LoginsEstablishes the number of logins to consider when calculating the trackstat number. If a user does not have enough logins, the program will return a "Not enough data" message on the user management screen. Note that the higher this number, the more accurate the system will be, but it will also take longer to return a valid assessment of the user's password sharing possibility.
Trackstat ActionWhat to do if a user fails a trackstat check. "email" will notify the e-mail address listed in the Trackstat E-Mail option, while "deny" will prevent the user from logging into his/her account.
Trackstat E-MailIf Trackstat Action is set to "email", a notice of a violation will be sent to this e-mail address.

Flag Exemption

You can exclude users some these checks from the user management screen by setting the Flag Exemption setting to "Yes".

Concurrent Login Prevention

On top of the trackstat system, the program has a more immediate password sharing abuse system which will prevent multiple IPs from logging into an account within 15 minutes of each other.

You can turn the system on by setting the Prevent Concurrent Logins option to "Yes", and you can tell the program to deny login to any account for which concurrent logins are detected using the Concurrent Login Action option.