You sell a software product and you want to protect it against piracy by using license keys. You know you need to make sure users cannot reuse a license key on any computer. Now the tough decision: what unique identifier do you use to bind the license key to?

 

 

The answer to this question depends on several factors. Let’s review some alternatives (this is not an exhaustive list):

  • Bind the license key to the Computer Name. This is pretty straightforward. Hardware changes do not affect the license, but renaming the computer invalidates it. The benefit of using a Computer Name is its reliability: it’s a solution that consistently works with minimal support issues. The drawback is that users could reuse the license key by setting up another machine, on a different network, with the same name as the original system.
  • Bind the license key to a MAC address of the network card. This is a pretty common approach although it could get complicated depending on the user’s hardware. Most computers nowadays have multiple network cards. Network cards are not always enabled and sometimes, in the case of USB network cards, they may not even be connected. Additionally, an advanced user can modify their MAC address at will.
  • Bind the license key to a Hard Disk serial number. This is a bit more reliable than the previous option. You just need to make sure you skip removable drives. There may be cases where you will not be able to retrieve a hard disk serial number, in which case you may want to fall back onto another identifier. Additionally, if the user’s hard drive is replaced, the license key is no longer valid.
  • Bind the license key to the CPU ID. This is another common approach that works with most modern computers. Here again, you want to make sure to handle systems with multiple CPUs. A CPU replacement invalidates the license.
  • Bind the license key to a combination of the above.

Given these choices, which option to pick depends on the following factors:

  • What is your target market?
  • Do you have a large support organization?
  • Do you have a large customer base?

If your target market is the enterprise market, small, medium or large, we recommend binding the license to the Computer Name. In medium and large companies, software piracy is not prevalent. In addition, most companies run a Domain Controller that manages all computers in the organization. It is not possible in this context to have two computers with the same name. It may not be practical either for a company to keep computers outside of the domain infrastructure to bypass licensing. Finally, corporate customers can get quickly frustrated if they start experiencing licensing issues after hardware changes. You need to balance security with customer satisfaction.

If your target market is the consumer market, then the decision is based on these factors:

  • How many support calls can you handle?
  • Is your software a prime target for hackers?
  • Is your software affordable?

If you are a one-man show or have a small support organization that is already busy with application-related issues, once again, we recommend the Computer Name approach. Dealing with license key issues is not your primary business, and you certainly do not want to spend a good portion of your time figuring out what hardware change broke the license.

If your software is a prime target for hackers, then consider the CPU ID or Hard Disk Serial Number with the possibility of reverting to a Computer Name if these identifiers cannot be retrieved.
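The fallback described above, as an added example that is not part of the original article: the key is bound to the first identifier that can be retrieved, and the key records which kind was used so that verification never silently drops to a weaker identifier. The inventory dictionary layout, `VENDOR_SECRET`, the function names and the sample machines are assumptions made for illustration; reading the identifiers from the operating system is left out.

```python
import hashlib
import hmac

# Assumption: the signing secret stays on the vendor's license server; a check
# done inside the shipped client would need a public-key signature instead.
VENDOR_SECRET = b"constructed-demo-secret"

# Preference order from the text: CPU ID or disk serial first, computer name last.
FALLBACK_ORDER = ("cpu_id", "disk_serial", "computer_name")

def candidates(inventory):
    """Normalize each identifier; an empty string means 'could not be retrieved'."""
    fixed = [d["serial"] for d in inventory.get("disks", [])
             if not d.get("removable") and d.get("serial")]
    raw = {
        # Sorted so a multi-CPU system gives the same value in any enumeration order.
        "cpu_id": "|".join(sorted(c for c in inventory.get("cpu_ids", []) if c)),
        # Assumption: the collector lists the system disk first.
        "disk_serial": fixed[0] if fixed else "",
        "computer_name": inventory.get("computer_name") or "",
    }
    return {kind: value.strip().upper() for kind, value in raw.items()}

def _tag(product, kind, value):
    msg = f"{product}|{kind}|{value}".encode()
    return hmac.new(VENDOR_SECRET, msg, hashlib.sha256).hexdigest()[:24]

def issue_license(product, inventory):
    """Bind to the first identifier available and record which kind was used."""
    ids = candidates(inventory)
    for kind in FALLBACK_ORDER:
        if ids[kind]:
            return f"{kind}:{_tag(product, kind, ids[kind])}"
    raise ValueError("no usable machine identifier")

def verify_license(product, key, inventory):
    """Check against the kind named in the key; never fall back at verify time."""
    kind, _, tag = key.partition(":")
    value = candidates(inventory).get(kind, "")
    expected = _tag(product, kind, value).encode()
    return bool(value) and hmac.compare_digest(expected, tag.encode())

# Constructed sample inventories (not real hardware values).
PC_A = {"cpu_ids": ["cpu-B", "cpu-A"], "computer_name": "FINANCE-01",
        "disks": [{"serial": "USB123", "removable": True}, {"serial": "wd-0001"}]}
PC_NO_CPU = {"cpu_ids": [], "computer_name": "finance-01",
             "disks": [{"serial": "USB999", "removable": True}]}
```

A key issued for `PC_NO_CPU` falls back to the computer name and therefore also verifies on any other machine given that name, which is the trade-off the list above describes.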

If your software is affordable, then it may be less of a target for hackers. Consumers do not mind paying a low price for a product that meets their needs. Piracy is most common with highly priced products.

Whichever solution you end up picking, keep in mind that someone, somewhere will always try to hack your software and get a free copy. Is it worth your while? Is it worth implementing a very strict license policy and potentially alienating paying customers to protect against a few hackers? It’s a decision you need to think about seriously, as it has a direct impact on your bottom line, one way or another.