In cases like this, it's worth asking:
- what is the harm of one player cheating by using save data of another
- how far are you willing to go to prevent that damage, and whether you can let cheating players off the hook sometimes
Note that while there are various security measures available that prevent save-sharing, they tend to be pretty intrusive and/or cumbersome. There are two broad categories I can think of:
1. Identifying the machine/system of the player - it can be very intrusive and, depending on the specific solution used, can result in unstable saves or holey security. Examples would include:
- IP address (prone to change on some machines, so the saves are often unstable)
- MAC address (feels pretty intrusive to me, not sure if system security won't protest when trying to access it; GM probably can't retrieve one natively, you'd need to use an extension instead)
- Windows account name (it should be supported on all Windows machines; the save can work on same-named accounts on different machines, but changing an account name to cheat in a game is still a hassle; the save won't work between different Windows accounts)
2. Online verification - the player needs to log in to the game server first in order to play the game for the first time, and that player information becomes the key to the save data. If you want to ensure the save won't be opened without proper verification, you need to make an online check every time you load the game. Still won't work if someone shares their account freely, unless you add separate server-side measures against using the same account across too many machines.
Another thing that should be noted - once someone has the game file itself, they can still reverse-engineer your saving system given enough effort, and there's nothing you can do to stop it for good.
My personal take
As long as the save data only affects the offline state of the game (as opposed to e.g. online achievements or something), I would employ extra measures preventing save-sharing. I imagine getting the proper save should be difficult enough that most players won't bother cheating that way, and those that do... well, it's up to them what they do offline. I'd still do some minimal save integrity check so that cheating will be too difficult for most people to bother with. However, I wouldn't go out of my way to prevent save-sharing itself, because the effort and potential annoyance to the player outweigh the harm prevented. Then again - I don't see offline cheating as that great of a harm to my game.
When it comes to online games, I might be more cautious - but since the game uses online connections anyway, I might as well employ online verification measures. There's still a problem of the game itself containing all the online connection logic, which cheaters might employ. This can be mitigated sometimes - e.g. if you have a puzzle game like sudoku, then you can store puzzles and answers on server side, and the game doesn't have the data necessary to cheat on a specific puzzle. But in some cases all the data required to count as a "win" might need to be stored in the game itself anyway, and then cheaters might extract that data. But at the very least, if I know someone is obviously cheating, I can invalidate their result on my game server.
For me, in the end, it's about how much the game is harmed by cheating. Having people cheat offline mostly affects them, so it's not a major concern to me. An online-connected game might be harmed somewhat by cheating (especially if the cheaters occupy the top of the leaderboards), but you can prevent save-file sharing by using logged-in user data, so that someone doesn't get bragging rights on their account from someone else's save.
Also, please keep in mind that there are various methods cheaters can use - some more elaborate than others - and it's near impossible to prevent all the cheating with people owning a game copy. So it becomes less about "how to prevent cheating" and more of "how much of a hassle should the cheating be, so that most people won't bother".
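An added example, not part of the original post and not GameMaker code: a minimal save integrity check that also binds the save to a player identity (a Windows account name or a logged-in user ID, as discussed above), written in Python for illustration. `GAME_SECRET`, `write_save` and `load_save` are hypothetical names, and the sample save is constructed.

```python
import hashlib
import hmac
import json

# Assumption: a secret shipped inside the game build. Anyone who extracts it
# can forge saves, which is the reverse-engineering limit the post mentions.
GAME_SECRET = b"constructed-demo-secret"


def _tag(identity: str, payload: bytes) -> str:
    # Length-prefix the identity so ("ab", "c...") and ("a", "bc...") differ.
    ident = identity.encode("utf-8")
    msg = len(ident).to_bytes(4, "big") + ident + payload
    return hmac.new(GAME_SECRET, msg, hashlib.sha256).hexdigest()


def write_save(state: dict, identity: str) -> str:
    """Serialize the state and attach a tag bound to the player's identity."""
    payload = json.dumps(state, sort_keys=True, separators=(",", ":"))
    return json.dumps({"data": payload, "tag": _tag(identity, payload.encode())})


def load_save(blob: str, identity: str):
    """Return the state, or None if the save is malformed, edited,
    or was written for a different identity."""
    try:
        doc = json.loads(blob)
        payload, tag = doc["data"], doc["tag"]
        # Constant-time comparison of the recomputed tag with the stored one.
        ok = hmac.compare_digest(_tag(identity, payload.encode()), tag)
        return json.loads(payload) if ok else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


if __name__ == "__main__":
    save = write_save({"level": 7, "gold": 120}, "alice")  # constructed sample
    print(load_save(save, "alice"))                         # own save loads
    print(load_save(save, "bob"))                           # shared save rejected
    print(load_save(save.replace("120", "999"), "alice"))   # edited save rejected
```

Because the secret ships with the game, this only raises the effort needed to edit or share a save; for online results the tag would have to be computed and checked on the server.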