Yes ofcourse there are ways to prevent it. However, in many cases they are very impractical.
1) Require the connection to be from a certain IP address
2) Get a VPN between server/client
3) Send the member a physical card and/or calculator like internet banks do. This would require you to have the card/calculator to log in.
.. There are lots of other ways as well, but won't bother mentioning them.
However, the obvious solution would be #1. You can extend this a bit, as it's kind of logical that people connect from different addresses (dialups etc.).
You can for example specify an ip-range (or several) that are allowed for a specific user. This would at least limit the number of people who can (ab)use the account.
One step further is to limit the number of simultaneous users on the same account. I.e. if a different session with less than 10 minutes idle-time exists, you're not allowed to login. This would limit the number of people who bothers.
Combine the two, and you've come quite far.
(And to tune down, you may allow a user in Germany to login from .de domains, but not from .as, .cz, .fi etc.)
