The current premise is that, by locally monitoring factors, such as the MAC and IP address a user is connected to, we can prevent others signing onto the same device. Essentially, one account may be accessed via multiple devices, however, only one account may be accessed per device. In theory, this should minimise the incentive to create multiple accounts, as there is presently no explicit way to circumvent the issue.
Why can’t someone spoof their MAC/IP address? Or even easier, buy two devices?