Limit the concurrent logins by ACL for your website. It's possible to prevent multiple simultaneous logins and put a stop to username sharing.
Download Authentication - Session Limit from the RicheyWeb download page.
This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Authentication - Session Limit".
In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
Select the "Upload Package File" tab
Press the "Choose File" button to browse your system and locate the plugin file you downloaded
Press the "Upload & Install" button
At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Authentication - Session Limit".
Before you enable the plugin, in the Plugin Manager, filter the plugins by type and choose "Authentication". Click the first heading in the list (AKA the ordering column) which enables the order handles (three vertical dots). Drag the "Authentication - Session Limit" item to the top of the list. It MUST run before other authentication plugins.
Choose an immune ACL in the "Immune" configuration field. Users who match this ACL will not be held to any limit imposed by this plugin.
Create limits by adding a new row, selecting an ACL, and entering a limit.