Account sharing? Is it possible to limit the number of units for a member?

Hi! Is there any type of limit to the number of units that can log in for a specific paying member on a ghost site? Or is there any other way of battling account sharing? Thanks in advance from a complete rookie. :)

/David

Magic links (like 2FA) are generally a nuisance for account-sharers, because the account holder has to forward the magic link to the friend trying to log in.

Soā€¦ if youā€™re self-hosting, you might look at changing the expiration on the cookie issued by Ghost to require more frequent logins. Iā€™m not sure if thereā€™s a config setting that does that - one isnā€™t jumping out at me, but if you can edit the code, you should be able to change it. Update: Itā€™s hard coded: Ghost/ghost/members-ssr/lib/members-ssr.js at main Ā· TryGhost/Ghost Ā· GitHub - thatā€™s the file youā€™d need to change in the Ghost core.

If you donā€™t want to touch the Ghost core (for good reasons like having to deal with updates), or if you need something to work in managed hosting, thereā€™s a ā€˜log out of all devicesā€™ option on each memberā€™s page. You could write some automation that uses that endpoint to log out each member every so often (a few days? a few weeks?). Your non-sharing members will probably also hate that, unfortunately, but itā€™ll be a real pain for the sharers.

Reality check: If your content goes out over email, itā€™s hard to prevent the recipient from just forwarding it, so before you do anything from the list above, it may be worth thinking about ways in which users might be sharing. Adding friction to only one route may not be very effective.

1 Like