Skip to main content

Hi fellow admins,

I’d like to start a conversation on what can be done (if anything) to prevent users sharing their login credentials with other people. If you sell individual courses, use a subscription model, or just need to protect the confidentiality of your site, do you do anything to monitor and prevent credentials being shared?

Hmm. I wonder if this falls into, more work and effort than is worth to find and prevent more loss? Like you just know there is some amount of sharing and loss?

I guess it depends on your model thoigh. You could do some sort of regular password reset to the known email address, but it would be annoying and essentially punishing those doing the right thing. 
 

I suppose some sort of two factor would resolve it largely, but curious how that works with manual enrollment and sign ups. 


@Bfarkas Yeah, maybe it’s better to accept that some sharing will occur.

Have you ever used the following security setting by the way? It looks promising but I wonder how disruptive it might be to the user experience.

 


@Bfarkas Yeah, maybe it’s better to accept that some sharing will occur.

Have you ever used the following security setting by the way? It looks promising but I wonder how disruptive it might be to the user experience.

 

I have not used in Docebo, but have used similar in other platforms and received so many support complaints from users doing legitimate things or cache issues etc. that it became more effort than worth again. Worth trying, but also doesn’t prevent sharing, I’ll point to a friend who has the lowest tier of Netflix, so two screens at one time but shares with 5 different houses, and they never run into the issue or very rarely. 


This is a frequent conversation topic with my team, and a tricky one. These are what’s at the top of my mind:

  1. I’m a big proponent of 2 factor authentication if you have the option to use a third party SSO service. There are pros and cons of course- it’s much harder to share a login, but you might also get more support calls from users needing help setting up/troubleshooting 2 factor.
  2. From the course design perspective- if you offer something that only provides value to a single named individual, that can help. This is the angle I push the most with my team. Think course certificates, badges, CEUs, maybe even some components of synchronous learning if at all possible.
  3. Include your policy on password sharing on Terms & Conditions, course descriptions &/or informational pages prior to registration, registration emails, ect. We include it in our Terms & Conditions- not well read, but still important.

I’m not a fan of disabling simultaneous logins either- makes for a frustrating experience like @Bfarkas described. If you come up with any other creative solutions I’d be excited to hear!


This is a frequent conversation topic with my team, and a tricky one. These are what’s at the top of my mind:

  1. I’m a big proponent of 2 factor authentication if you have the option to use a third party SSO service. There are pros and cons of course- it’s much harder to share a login, but you might also get more support calls from users needing help setting up/troubleshooting 2 factor.
  2. From the course design perspective- if you offer something that only provides value to a single named individual, that can help. This is the angle I push the most with my team. Think course certificates, badges, CEUs, maybe even some components of synchronous learning if at all possible.
  3. Include your policy on password sharing on Terms & Conditions, course descriptions &/or informational pages prior to registration, registration emails, ect. We include it in our Terms & Conditions- not well read, but still important.

I’m not a fan of disabling simultaneous logins either- makes for a frustrating experience like @Bfarkas described. If you come up with any other creative solutions I’d be excited to hear!

Love this second bullet, it falls into my common though of, design better experiences and content and worry less about how people are cheating.


@sgary Thanks for the feedback! As @Bfarkas says, #2 is a really good point. I hadn’t thought about it too much until you mentioned it, but nudging users in the right direction with personal rewards sounds like an excellent strategy!


Using single sign on may help. We use our internal SSO through Azure for our internal users, and Salesforce integration for our external users.


Thanks @Maz, we use Salesforce SSO for our external users. I'm sure it's not foolproof, but hopefully it gives us another layer of protection.


 


Reply