Multiple account detection

A person could use different e-mails to create multiple user accounts. This is especially bad if there is something like a free trial period or similar. Therefore, I want to request if auth0 can help to detect if a person creates multiple user accounts and inform the application owner.

E.g. detecting if someone logs in with different e-mails for the same application from the same IP address.
E.g. if different e-mails have the same password hash.

Hello, @Rannick!

You could check this via Rules, if you are under a trial period, you should be able to test them.

You could see if there is a pre-made rule that could help with the desired flow, or create a new one, that reads the IP where the users are trying to sign up from, or something similar.

Thanks!

2 Likes

Hello Karen,

Thank you for the quick reply.
Could you provide me with examples how to compare password hashes with rules?

I can handle the IP detection on our side.

Hi @Rannick. People creating new accounts just to get your trial again can be really annoying, but getting these sticky users to upgrade can be worth it!

You could look at why they are doing this. Often its just because its free and easy, but sometimes it could be to do with a pricing or product issue. Maybe you can add something to the account so it gets more value over time. Like a gamified usage streak or something. But that doesnt always fit with the product.

To detect the multiple accounts you could try tracking the device outside of the user account. Consider using some sort of fingerprint, cookie, their IP address or some combination. Keep in mind they change at different rates. Upollo.ai have an API to do this and a guide for Auth0.