Implementing an authentication server?

Authentication servers are becoming well known - Windows XP uses this, as does Office XP and the latest Borland development tools.  I imagine there are quite a few others. 

Basically you install the software in question and it logs your unique ID (serial number and/or machine config) via the net to a central server.  This thing then sees if the same serial number gets authenticated again and allows a reasonable number of additional installs.  When this runs out you have to get on the phone and talk to The Man and explain yourself or you are SOL.

It seems to me that to the honest user this is better than a dongle.  To the vendor this is more secure than just a bunch of unique serial numbers and their locally entered authentication codes, which can (and do) get passed around.

So, my question after that big wind up is: has anyone actually implemented such a thing on their own shrink wrap or vertical market product?  If so I would be grateful if you would share your experiences.

Many, many thanks.

Saturday, July 19, 2003
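
The server-side bookkeeping described in the question above, as an added example that is not part of the original thread and not any vendor's actual scheme. The class and method names, the result strings and the limit of three machines per serial are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_MACHINES = 3  # assumed "reasonable number" of installs per serial


@dataclass
class License:
    limit: int = MAX_MACHINES
    machines: set = field(default_factory=set)


class ActivationServer:
    """In-memory sketch of the activation ledger; a real server would persist it."""

    def __init__(self, issued_serials):
        self.licenses = {s: License() for s in issued_serials}

    def activate(self, serial, machine_id):
        lic = self.licenses.get(serial)
        if lic is None:
            return "unknown_serial"
        if machine_id in lic.machines:
            # Reinstall on a machine already seen: does not use up an install.
            return "ok"
        if len(lic.machines) >= lic.limit:
            # Out of installs: the user has to phone the vendor.
            return "call_vendor"
        lic.machines.add(machine_id)
        return "ok"

    def grant_extra(self, serial, count=1):
        """Vendor-side override applied after the phone call."""
        self.licenses[serial].limit += count


def demo():
    # Constructed sample serials and machine IDs.
    server = ActivationServer(["SN-0001"])
    machines = ("pc-a", "pc-b", "pc-a", "pc-c", "pc-d")
    results = [server.activate("SN-0001", m) for m in machines]
    server.grant_extra("SN-0001")
    results.append(server.activate("SN-0001", "pc-d"))
    results.append(server.activate("SN-9999", "pc-a"))
    return results


if __name__ == "__main__":
    print(demo())
```
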

I haven't implemented it, but I know for a fact that it's not guaranteed to be more secure:

Those that do implement this server-side authentication will find that the software crackers will simply emulate the server or have the client-side authenticate "invalid serial #" requests coming back from the server.

Mickey Petersen
Saturday, July 19, 2003

"It seems to me that to the honest user this is better than a dongle."

Yes, but it doesn't mean they'll hate you any less for making them jump through hoops.

Brad Wilson (
Saturday, July 19, 2003

The big problem is that all sysadmins use cloning software. MS got round this by not having authentication necessary for the commercial versions of Office and Windows, but that means of course that the local CD shop will give me pirated versions of both for $1.

What you've got to decide is whether you will lose more sales through pirating than you will from all the big companies that won't install your software because it doesn't clone.

Stephen Jones
Saturday, July 19, 2003

