“The author could have used product activation against a secret, not against a publicly available piece of information (email address), which is the root of the insecurity in the first place. Registration keys, although they are a nuisance, have worked for decades now. You can alleviate the nuisance with simple usability tricks with them.”

I rather not get into a discussion about registration vs. activation, but I will say that he probably chose to use the email address because it’s the one thing most users won’t forget or lose. It’s certainly not the best piece of information to use, but it is one that will drastically cut the number of “I’ve lost my activation code” emails he’d have to respond to.

“The author could have accepted that some keys get abused as a cost of doing business.”

It’s a cost of doing business, but it’s a higher cost for some businesses than others. His product is very popular, so I’d imagine a massive amount of piracy is involved. In this case it’s worth the author expending effort to try and combat piracy, as even a 1% reduction would have a huge impact on the bottom line.

I agree wholeheartedly. I actually plan to use “activation” in the next version of my product and plan to make it “secret-based” with massive amounts of benefit-of-the-doubt sprinkled in.

I can’t imagine ever treating a customer the way that guy did. They are each too valuable for that – even if I one day have thousands, as we all hope to get.

As a new ISVer, this is the kind of story I like to hear about, to not make the same mistake myself.