Hi All.

I'm wondering how would you stop client's, if possible from creating many ligitimate account on the server.

Do you need to ship an ID with each client app, If so how would you build this ID per app system.

Or some other way.

The reason is the Servers database could get filled with lots of accounts.

Do you set a limit in the server to prevent too many clients.

And what do you do with dead accounts, One's that are not active for some time. Do serever admins clean out there databases from time to time.

How do you even know whats a legitimate account is, if they fill in all the account fields with uneque values for the account data.

Do you get there email and some how test the email first ????

its hard to find this type of info on google I don't know what to search for. Any Ideads on search terms.

The easiest thing would be checking for a unique, functional email. More than that and people will find a way around it. Some will even try to avoid that or forget to update their email when it changes, then later complain if they forgot the password or there had to be a pw reset done and they have no more means to access their account.

I think, you should work on the core reasons why people feel the need to create many accounts.

If you annoy people with limited storage space, they will create mule accounts to store their items.

If you make it annoying or time consuming to sell off items to other players (not providing an easy to use and cost effective auction house with asynchronous messaging), they will just store them "for later" on more mule accounts.

If you have 8 character classes, but only offer 2 or 3 char slots per account, people will make 3 accounts.

If you cripple some or even all char classes to not be able to survive in the game alone in solo play, people will make another acount with characters to buff themselves with.

If you make it difficult to find groups ingame, people will be even more inclined to create buff accounts.

If you prevent people from starting the game client more than once, they will use 2 devices or hex edit the client.

If you prevent more than 1 account to play from one IP address, people complain about how they can't play with their relatives and will use another connection or VPN and blame you for increased cost/difficulty/lag.

If you require unique real names or government id numbers, people will loudly complain and some people will just put in fake names and numbers.

I take it this

The easiest thing would be checking for a unique, functional email. More than that and people will find a way around it. Some will even try to avoid that or forget to update their email when it changes, then later complain if they forgot the password or there had to be a pw reset done and they have no more means to access their account.

I think, you should work on the core reasons why people feel the need to create many accounts.

If you annoy people with limited storage space, they will create mule accounts to store their items.

If you make it annoying or time consuming to sell off items to other players (not providing an easy to use and cost effective auction house with asynchronous messaging), they will just store them "for later" on more mule accounts.

If you have 8 character classes, but only offer 2 or 3 char slots per account, people will make 3 accounts.

If you cripple some or even all char classes to not be able to survive in the game alone in solo play, people will make another acount with characters to buff themselves with.

If you make it difficult to find groups ingame, people will be even more inclined to create buff accounts.

If you prevent people from starting the game client more than once, they will use 2 devices or hex edit the client.

If you prevent more than 1 account to play from one IP address, people complain about how they can't play with their relatives and will use another connection or VPN and blame you for increased cost/difficulty/lag.

If you require unique real names or government id numbers, people will loudly complain and some people will just put in fake names and numbers

Means Just continue with game mechanics.

I short, there is nothing you can do. It's something everybody has to live with. Verifying that an email address is reachable (--> click a confirm link) is what is usually done, but it is little effective.

A lot of people use throwaway email addresses because they think there is no good reason why you should know one of their mail addresses, but there are good reasons why you shouldn't know any of them (in fact, I just checked and saw that much to my surprise, I used a valid email address to register on Gamedev... this is a rare thing).

Databases growing is -- usually -- not that much of an issue. While storage is not infinite, it is still affordable. A million or two user profiles will still conveniently fit on one disk, no hassle (ten million will, too... and if you have ten million accounts, you can afford a second disk). Lookup time does not go up that significantly either, and if it did, it would not matter (login is not that time critical).

Most games choose to never delete an inactive account, even if it hasn't been used for years, unless it's one that has never been used (or never gained a level). Why? Well because it costs next to nothing to keep it, but if you delete the wrong account only a single time, the shit storm that will come will be huge as soon as that user tries to log in again after 3 years.

Do you set a limit in the server to prevent too many clients.

Setting limits account/character numbers is unadvisable. A per-account limit of characters means people will create more accounts. A per-server limit on accounts means you have created a by-design DoS method (which inevitably someone will exploit).

How do you even know whats a legitimate account is, if they fill in all the account fields with uneque values for the account data.

Depending on your business model, one valid way may be: Anyone who paid you is "valid". However, again, depending on your business model, it may not be easy or applicable. If you are purely ad-driven, for example, how do you define "getting paid"? Impressions? Clicks? Conversions? Any of these might pay you or might prospectively get you paid.

Possible candidates for "non-legitimate" accounts would be ones that exist for years and have not gained one level in that time. But of course it's a tough call (you might still delete the wrong account!), and as soon as you publish a rationale, cheaters will make sure their mules all have e.g. level 5 so they will not be deleted.

Charge money for accounts

I was going to say the same thing as Hodgman: Charge money for accounts.

There exist device fingerpriting solutions, such as Blue Cava. Those kind-of work, most of the time. Except false positives (system images that are cloned in schools, internet cafes, etc) and false negatives (dedicated cheaters who use virtual machines with randomization.)