I had actually considered tracking usernames as well but dismissed that early on (and of course I realize now that was foolish of me) thinking that it would be better for overall site security to try and stop someone from repeatedly hitting the site trying different names / password combos. Thanks for pointing out that many people inside a network can have a single external IP I'd actually come accross that with my own office.
↧