you can create a function to check whether somebody's already logged in or not. So say if user 1 logs in with username joe, and user 2 logs in as username joe, you can see that joe is already active in your sessions and block the user. You can also add the ability to email this dual log on attempt to yourself so you can suspend/ban the account.
edit: adding some more.
This would also work if the user doesnt specifically have a home computer. Perhaps they only use the internet at Internet cafes, or at friends houses, so it would be bad to bind a certain IP address to somebody's account. As long as only one person can use the account at one time, you shouldnt really care if they give out the password.