Nevertheless, some bad actor may take advantage of the simplicity of the implementation (which is, at the same time, also a strong feature of your product). Of course this would affect every user, not just the demo account.
I think this is one common issue with analytics products (Google Analytics itself has ridiculous amounts of spam referrers!). I guess may be a good idea to be proactive and plan some countermeasure at some point.
For every user you'd have to know all usernames which could be brute forced guessed or gathered with some sort of crawler.
It's definitely a great point you bring up I think with web analytics an attacker has a natural advantage since captchas would obviously not be feasable. But it is worth to but effort in not making it too easy.
Nevertheless, some bad actor may take advantage of the simplicity of the implementation (which is, at the same time, also a strong feature of your product). Of course this would affect every user, not just the demo account.
I think this is one common issue with analytics products (Google Analytics itself has ridiculous amounts of spam referrers!). I guess may be a good idea to be proactive and plan some countermeasure at some point.
Happy lunch!