I am the judge keeper for USAK, and I moderate the house games on that judge. This article is my opinion, although I write much as if it were fact. I am also a security advocate in the judge community and a play by post player.
The proper goal of security in an on-line game is not to create an impenetrable fortress to deny cheaters entrance. That would be impossible. It is possible, however, to create a reasonably safe environment for play. This process begins with a threat assessment and uses that information to implement relevant security measures.
Duplicate position cheating is a real threat, but one that can be handled. Servers already track the addresses used to access the game and report to the administrators when players make mistakes and post orders from the wrong account or use the same computer.
Collusion, in the form of friends and family joining a public game, is indistinguishable from duplicate position cheating in most cases. It is caught and punished in the same way on most servers.
The above forms of cheating usually happen in novice games, which gives some credence to the perpetrators' claims that they did not know or understand the rules.
The most common form of accusation, however, is collusion among unrelated players. This can rarely be proven, but can often be disproved. It is rare in practice, certainly hard to notice, but the payoff is so small compared to the risk of a permanent ban such that it is believable this form of collusion might be as rare as it seems. My own approach to this problem is to examine the press (or signals in no press games) and to lower the ban hammer if I cannot disprove the allegation. So far, I have zero bans for this reason in seven accusations among nearly 300 games I have recently moderated.
Eliminating duplicates requires more draconian measures, steps that I am willing to take as an administrator. For the US, it is possible to confirm physical addresses to a certain level and to follow that by limiting play in one game to those who do not live close enough to be the same person. This breaks down some overseas, but there is still the option to limit a game to one UK player, for example. The severe part of the security measures are when it comes to enforcing a ban.
Enforcing a ban means blocking all registrations that look like they came from the same computer, now and for the foreseeable future. Practically speaking, that means blocking a network address lasts 1 to 6 months. That's not long, but hopefully long enough for the cheater to move on to a different hobby.
If you wish to e-mail feedback on this article to the author, and clicking on the envelope above does not work for you, feel free to use the "Dear DP..." mail interface.