How account sharing prevention works

Rupt does two main things:

  1. Detect shared accounts.
  2. Attempt to nudge account sharers (a.k.a ghost users) to create their own accounts.

On a high level, Rupt uses client & server-side signals to infer if more than one person uses a given account. The signals include but are not limited to the number of unique devices associated with this account, the frequency of access, the IP information, impossible travel signals, and more.

In order for Rupt to get these signals, you integrate a client library (JS, iOS, Android) into your project and call an attach function that links the device to the user's account.

Rupt will intervene (if configured to do so) in one of two cases:

  1. Appears to be used by more than one person (via signal analysis)
  2. Has too many devices associated (you can configure the limit via code or the dashboard settings)

Then Rupt will redirect the user to a Challenge page. This is a customized and branded page where users are asked to create their own account. If the user elects to create a new account, Rupt will redirect to a URL of your choice to guide them to create a new account. Detecting a shared account and asking them to convert via Rupt

If this account owner, they need to verify ownership via multi-factor-authentication (can be turned off in the settings too). A shared account owner is asked to enter multi-factor-authentication to verify ownership via Rupt

After verifying ownership of the account, if there are too many devices associated with the account, the user will be asked to log out devices until the number of devices is within your configured limit. Limit the number of devices & concurrent logins of a user using Rupt

Once the user is back within the device limit. They can continue using the app. If we detect another person (using intelligent signals), then we start the same journey again. The is now back within the device limits for the account.

Of course, this is only a high-level overview. You can customize almost every part of the flow and even use code and APIs to create your entirely manual flow. But this gives you an idea of how Rupt prevents account sharing and converts account sharers into happy paying customers.