How account sharing prevention works
If you're ready to get started, you can skip this page and jump to the quick start guide.
Rupt does two main things:
- Detect shared accounts.
- Attempt to nudge account sharers to create their own accounts (optional).
On a high level, Rupt uses client & server-side signals to infer if more than one person uses a given account. The signals include but are not limited to the number of unique devices associated with this account, the frequency of access, the IP information, impossible travel signals, and more.
In order for Rupt to get these signals, you integrate a client library (JS, iOS, Android) into your project and call an attach
function that links the device to the user's account.
Rupt will intervene (if configured to do so) in one of two cases:
- More than one person uses the account (inferred via signal analysis)
- The account has too many devices associated (you can configure the limit via code or the dashboard settings)
Rupt will redirect the user to a challenge page. This is a customized and branded page where users are asked to create their own account. If the user elects to create a new account, Rupt will redirect to a URL of your choice to guide them to create a new account.
If this account owner, they need to verify ownership via multi-factor-authentication (can be turned off in the settings too).
After verifying ownership of the account, if there are too many devices associated with the account, the user will be asked to log out devices until the number of devices is within your configured limit.
Once the user is back within the device limit. They can continue using the app. If we detect another person (using intelligent signals), then we start the same journey again.
Of course, this is only a high-level overview. You can customize almost every part of the flow and even use APIs to create your custom challenge flow. But this gives you an idea of how Rupt prevents account sharing and converts account sharers into happy paying customers.