Product key on a Proof of License Certificate of Authenticity for Windows Vista Home Premium

A product key, also known as a software key, serial key or activation key, is a specific software-based key for a computer program. It certifies that the copy of the program is original.

Product keys consist of a series of numbers and/or letters. This sequence is typically entered by the user during the installation of computer software, and is then passed to a verification function in the program. This function manipulates the key sequence according to a mathematical algorithm and attempts to match the results to a set of valid solutions.


Standard key generation, where product keys are generated mathematically, is not completely effective in stopping copyright infringement of software, as these keys can be distributed. In addition, with improved communication from the rise of the Internet, more sophisticated attacks on keys such as cracks (removing the need for a key) and product key generators have become common.

Because of this, software publishers use additional product activation methods to verify that keys are both valid and uncompromised. One method assigns a product key based on a unique feature of the purchaser's computer hardware, which cannot be as easily duplicated since it depends on the user's hardware. Another method involves requiring one-time or periodical validation of the product key with an internet server (for games with an online component, this is done whenever the user signs in). The server can deactivate unmodified client software presenting invalid or compromised keys. Modified clients may bypass these checks,[1] but the server can still deny those clients information or communication.
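The two activation methods described above (hardware binding and server-side validation with deactivation of compromised keys), combined in one server-side check. This is an added example, not any publisher's actual scheme; the HMAC-tagged key format, the secret, the revocation set and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed demo values; in a real deployment the secret never leaves the server.
SERVER_SECRET = b"constructed-demo-secret"
REVOKED_SERIALS = {"00000042"}  # serials reported as leaked or compromised
ACTIVATIONS = {}                # serial -> fingerprint of the first machine activated


def issue_key(serial: str) -> str:
    """Issue 'SERIAL-TAG', where TAG is a truncated HMAC-SHA256 of the serial.

    Without SERVER_SECRET a client cannot compute a valid tag, unlike a
    checksum-style key whose verification algorithm ships inside the program.
    """
    tag = hmac.new(SERVER_SECRET, serial.encode(), hashlib.sha256).hexdigest()
    return f"{serial}-{tag[:16].upper()}"


def hardware_fingerprint(*components: str) -> str:
    """Hash hardware identifiers so the server stores no raw device IDs."""
    return hashlib.sha256("|".join(components).encode()).hexdigest()


def activate(product_key: str, fingerprint: str) -> str:
    """Server-side validation: returns 'ok', 'invalid', 'revoked' or 'in_use'."""
    serial, sep, tag = product_key.strip().partition("-")
    expected = issue_key(serial).partition("-")[2]
    # Constant-time comparison on bytes; malformed input simply fails the check.
    if not sep or not hmac.compare_digest(tag.upper().encode(), expected.encode()):
        return "invalid"
    if serial in REVOKED_SERIALS:
        return "revoked"    # well-formed key, but deactivated by the publisher
    bound = ACTIVATIONS.setdefault(serial, fingerprint)  # first use binds the key
    return "ok" if bound == fingerprint else "in_use"
```

Because the decision is made on the server, a modified client that skips the call gains nothing the server controls: it never receives an `ok` and can be denied service on that basis.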


Windows 95 retail key

Windows 95 retail product keys take the form XXX-XXXXXXX.[2] To determine whether the key is valid, Windows 95 performs the following checks:

If all checks pass, the product key is valid.


Some of the most effective product key protections are controversial due to inconvenience, strict enforcement, harsh penalties and, in some cases, false positives. Some product keys use uncompromising digital procedures to enforce the license agreement.


Product keys are somewhat inconvenient for end users. Not only do they need to be entered whenever a program is installed, but the user must also be sure not to lose them. Loss of a product key usually means the software is useless once uninstalled, unless, prior to uninstallation, a key recovery application is used (although not all programs support this).[3]

Product keys also present new ways for distribution to go wrong. If a product is shipped with missing or invalid keys, then the product itself is useless. For example, all copies of Splinter Cell: Pandora Tomorrow originally shipped to Australia without product keys.[4]

Enforcement and penalties

There are many cases of permanent bans enforced by companies detecting usage violations. It is common for an online system to immediately blacklist an account caught running cracks or, in some cases, cheats. This results in a permanent ban. Players who wish to continue use of the software must repurchase it. This has inevitably led to criticism over the motivations of enforcing permanent bans.[citation needed]

Particularly controversial is the situation which arises when multiple products' keys are bound together. If products have dependencies on other products (as is the case with expansion packs), it is common for companies to ban all bound products. For example, if a fake key is used with an expansion pack, the server may ban legitimate keys from the original game. Similarly, with Valve's Steam service, all products the user has purchased are bound into the one account. If this account is banned, the user will lose access to every product associated with the same account.[5]

This "multi-ban" is highly controversial, since it bans users from products which they have legitimately purchased and used.[citation needed]

False positives

Bans are enforced by servers immediately upon detection of cracks or cheats, usually without human intervention. Sometimes, legitimate users are wrongly deemed in violation of the license, and banned. In large cases of false positives, they are sometimes corrected (as happened in World of Warcraft).[6] However, individual cases may not be given any attention.[citation needed]

A common cause of false positives (as with the World of Warcraft case above) is users of unsupported platforms. For example, users of Linux can run Windows applications through compatibility layers such as Wine and Cedega. This software combination sometimes triggers the game's server anti-cheating software and results in a ban: because Wine and Cedega are Windows API compatibility layers for Linux, the game's server considers them third-party (cheating) software.[7][citation needed]


  1. Chang, Hoi; Atallah, Mikhail J. (2002). "Protecting Software Codes by Guards". Security and Privacy in Digital Rights Management. Springer. pp. 160–175. doi:10.1007/3-540-47870-1_10. ISBN 978-3-540-47870-6.
  2. Upadhyay, Saket (May 14, 2021). "Reversing Microsoft's Windows95 Product Key Check Mechanism".
  3. "ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server". NirSoft. Retrieved 2021-02-09.
  4. "Australian Pandora Tomorrow CD-Key Problems". Shack News.
  5. "Valve suspends 20,000 Steam accounts". GameSpot. Retrieved 2013-05-15.
  6. "Blizzard Unbans Linux World of Warcraft Players". Softpedia.
  7. "Linux users banned from Diablo 3- End Gamers". Archived from the original on 2012-07-10. Retrieved 2012-08-14.