[{"data":1,"prerenderedAt":366},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":60,"body":200,"description":210,"extension":360,"meta":361,"navigation":362,"path":61,"rawbody":363,"seo":364,"stem":62,"__hash__":365},"docsv3\u002F1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention.md",{"type":201,"value":202,"toc":353},"minimark",[203,207,211,216,226,230,240,305,321,324,328],[204,205,60],"h1",{"id":206},"multi-accounting-prevention",[208,209,210],"p",{},"Multi-accounting is one person running many accounts: trial farming, incentive abuse, ban evasion, or padding out fake leads.",[212,213,215],"h2",{"id":214},"step-1-set-up-login-and-signup-protection","Step 1: Set up login and signup protection",[208,217,218,219,222,223,225],{},"Before anything else here, set up ",[220,221,27],"a",{"href":28}," and ",[220,224,31],{"href":32},". They're the basis this builds on, and without them the policies below can be bypassed. With those in place, the rest of this guide covers the policies that stop one person from spinning up account after account.",[212,227,229],{"id":228},"step-2-add-the-policies","Step 2: Add the policies",[208,231,232,233,239],{},"A policy has a trigger (the event it runs on) and a verdict. Add these in your ",[220,234,238],{"href":235,"rel":236},"https:\u002F\u002Fapp.rupt.dev\u002Fpolicies",[237],"nofollow","policies dashboard",":",[241,242,243,262],"table",{},[244,245,246],"thead",{},[247,248,249,253,256,259],"tr",{},[250,251,252],"th",{},"Policy",[250,254,255],{},"Trigger",[250,257,258],{},"Conditions",[250,260,261],{},"Verdict",[263,264,265,286],"tbody",{},[247,266,267,271,277,283],{},[268,269,270],"td",{},"Limit accounts per device",[268,272,273],{},[274,275,276],"code",{},"signup",[268,278,279,282],{},[274,280,281],{},"fingerprint_user_count"," is over your limit (2 is a fair start)",[268,284,285],{},"Challenge",[247,287,288,291,295,302],{},[268,289,290],{},"Limit accounts per phone",[268,292,293],{},[274,294,276],{},[268,296,297,298],{},"more than 2 accounts on one verified phone ",[299,300,301],"em",{},"(coming soon)",[268,303,304],{},"Deny",[208,306,307,308,312,313,316,317,320],{},"The two policies stack. Allow a couple of accounts per device, then ",[309,310,311],"strong",{},"challenge"," anyone past that, with the challenge set to ",[309,314,315],{},"require a phone number"," so the extra account has to verify a real phone before it continues. Then cap how many accounts a single verified phone can back, and ",[309,318,319],{},"deny"," beyond it. A real phone is far harder to mass-produce than an email, so this is what actually slows multi-accounting down.",[208,322,323],{},"Keep the device limit generous: a shared computer, a family, or an office is normal, so 2 (or higher) avoids punishing real users. Per-phone account limits are coming soon; until then the device limit plus required phone verification does most of the work.",[212,325,327],{"id":326},"related","Related",[329,330,331,340,348],"ul",{},[332,333,334,336,337,339],"li",{},[220,335,169],{"href":170},": the risk and the ",[274,338,281],{}," check behind it.",[332,341,342,222,345,347],{},[220,343,344],{"href":85},"Coupon abuse prevention",[220,346,52],{"href":53},": two common multi-accounting payoffs.",[332,349,350,352],{},[220,351,141],{"href":142},": how Rupt sees the shared device.",{"title":354,"searchDepth":355,"depth":355,"links":356},"",2,[357,358,359],{"id":214,"depth":355,"text":215},{"id":228,"depth":355,"text":229},{"id":326,"depth":355,"text":327},"md",{},true,"---\ntitle: Multi-accounting prevention\n---\n\n# Multi-accounting prevention\n\nMulti-accounting is one person running many accounts: trial farming, incentive abuse, ban evasion, or padding out fake leads.\n\n## Step 1: Set up login and signup protection\n\nBefore anything else here, set up [Signup protection](\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection) and [Login protection](\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection). They're the basis this builds on, and without them the policies below can be bypassed. With those in place, the rest of this guide covers the policies that stop one person from spinning up account after account.\n\n## Step 2: Add the policies\n\nA policy has a trigger (the event it runs on) and a verdict. Add these in your [policies dashboard](https:\u002F\u002Fapp.rupt.dev\u002Fpolicies):\n\n| Policy                    | Trigger  | Conditions                                                      | Verdict   |\n| ------------------------- | -------- | --------------------------------------------------------------- | --------- |\n| Limit accounts per device | `signup` | `fingerprint_user_count` is over your limit (2 is a fair start) | Challenge |\n| Limit accounts per phone  | `signup` | more than 2 accounts on one verified phone _(coming soon)_      | Deny      |\n\nThe two policies stack. Allow a couple of accounts per device, then **challenge** anyone past that, with the challenge set to **require a phone number** so the extra account has to verify a real phone before it continues. Then cap how many accounts a single verified phone can back, and **deny** beyond it. A real phone is far harder to mass-produce than an email, so this is what actually slows multi-accounting down.\n\nKeep the device limit generous: a shared computer, a family, or an office is normal, so 2 (or higher) avoids punishing real users. Per-phone account limits are coming soon; until then the device limit plus required phone verification does most of the work.\n\n## Related\n\n- [Linked accounts](\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts): the risk and the `fingerprint_user_count` check behind it.\n- [Coupon abuse prevention](\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention) and [Ban enforcement](\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement): two common multi-accounting payoffs.\n- [Fingerprints](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints): how Rupt sees the shared device.\n",{"title":60,"description":210},"uwnK_GPWp_ac_4jbNUkNno-eAcedWdvBY-UlJBQQR_0",1780344893045]