password protected login restricted to one computer

to avoid sharing of login/passwords?

         

Gypsy_Linda

2:23 pm on Apr 17, 2006 (gmt 0)

10+ Year Member



I have a client that is wanting to protect their wholesale information by having a user name/login, but they want to make sure that login is only available to be used from one computer. They do not want someone passing around the login information to other clients/competition. It would have to be connected to the IP of the computer, I imagine.

Has anyone ever encountered or set this up? How would I have to do this?

Thanks.

celgins

4:54 pm on Apr 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The IP address idea should work fine.

Is this a web application? If so, what is it based on (PHP, ASP, Coldfusion, etc.)?

Moosetick

5:53 pm on Apr 17, 2006 (gmt 0)

10+ Year Member



If you don't mind spending a few bucks you could also go with a hardware token. They are usually USB fobs that have unique keys. You can tie them into web apps and only people who have the fob can log in. Do a search on "USB token" and you will find more info. Plan to spend $100-$200 for this solution.

Gypsy_Linda

4:24 am on Apr 18, 2006 (gmt 0)

10+ Year Member



I don't think I explained it well enough. This will be on an e-commerce site. Their customers all over the world will have a user name/password, but the store owners want there to be a restriction on each individual login to only be valid from that registered computer. There will be thousands of logins, but each one will be limited to use from their computer only.

I have never had a request like this, but I can see why they would want it. They want their prices and inventory to not be shared with their competition...it is such a competitive market.

jomaxx

5:57 am on Apr 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The IP address solution will be far from perfect. Many users have no fixed IP address, and many IP addresses (e.g. corporate firewalls) can be simultaneously used by many computers.

A baby step towards what you want to accomplish: Inform users that their account will be suspended if more than one person logs on to the account at a time. They can always call or email to get it unsuspended, but it would be a disincentive to sharing their login with anyone else.

Moosetick

3:34 pm on Apr 19, 2006 (gmt 0)

10+ Year Member



With your new restrictions and amount of people that need access, the USB fob looks like a good solution. With 1000's of users you can get them for a few bucks apiece and be sure each user can only log in on one PC at a time.

Another solution would be to distribute RSA SecurID devices to all the users. They display a 6 digit number on an LCD that changes every 7 seconds. Your password is whatever you want + the number currently displayed. That makes pretty sure that only the person in possession of the device can log in. They are fairly cheap also.

Gypsy_Linda

6:54 pm on Apr 19, 2006 (gmt 0)

10+ Year Member



Thanks guys, I appreciate all the help. I think the client is thinking there is an easier (and less costly) solution than sending their customers something they have to use to gain access. In my opinion, I don't think there is as much of a threat of competitors wanting prices as they feel. Besides, they hand out price sheets to anyone with a resale licence...it can't be too hard for their competitors to get ahold of a printed sheet.

I think if we have individual sign-ins and passwords as opposed to a general password that is the same for everyone, that will be enough. If someone has a unique password, they are less likely to share it with other people/companies. It feels more personal to them.

physics

7:25 pm on Apr 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You could restrict logins so people can only log in from one computer at a time (use cookies for that). This would not solve the problem but could help a bit.
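
One way to implement the cookie-based one-login-at-a-time restriction suggested in the last post, together with the earlier suggestion to flag accounts that more than one person uses at once. This is an added example, not code from the thread; the class name, the 30-minute idle timeout and the in-memory store are assumptions.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 1800  # seconds without a request before a session expires (assumed)


class SessionRegistry:
    """Allows one live session per account, tied to a random browser cookie."""

    def __init__(self):
        self._active = {}    # username -> (sha256 of cookie token, last_seen)
        self.conflicts = []  # (username, time) of refused concurrent logins

    @staticmethod
    def _digest(token):
        # Keep only a hash server-side so stored state cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def _matches(self, username, token, now):
        """True if token belongs to the account's unexpired session."""
        entry = self._active.get(username)
        if entry is None or not token or now - entry[1] >= IDLE_TIMEOUT:
            return False
        return secrets.compare_digest(entry[0], self._digest(token))

    def login(self, username, cookie=None, now=None):
        """Call after the password check passes. Returns (allowed, cookie)."""
        now = time.time() if now is None else now
        entry = self._active.get(username)
        live = entry is not None and now - entry[1] < IDLE_TIMEOUT
        if live and not self._matches(username, cookie, now):
            self.conflicts.append((username, now))  # candidate for suspension
            return False, None
        token = secrets.token_urlsafe(32)  # fresh token on every login
        self._active[username] = (self._digest(token), now)
        return True, token

    def check(self, username, cookie, now=None):
        """Call on every request; refreshes the idle timer when valid."""
        now = time.time() if now is None else now
        if not self._matches(username, cookie, now):
            return False
        self._active[username] = (self._active[username][0], now)
        return True

    def logout(self, username, cookie, now=None):
        if self.check(username, cookie, now):
            del self._active[username]
```

A cookie copied to another machine is still accepted, so this limits simultaneous use of an account rather than binding it to one computer. The returned token should be set as a `Secure`, `HttpOnly` cookie.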