I know you're joking, but just consider who uses these terminals -- these are companies trading millions, billions, or trillions of dollars. Bloomberg terminals are expensive, but not really in the scheme of things. Also, if a company tried to steal licenses this way, there would be a whistle-blower bounty and the company would get caught soon.

Bloomberg sales and support is very hands on. If you work at a place that has a lot of terminals, there is usually someone from Bloomberg corporate walking around interacting with people, trying to make sure they are getting value/use from the terminals. If they noticed anything like this happening, you can be sure that the company would receive a nasty lawyer letter since they would be in violation of the user agreement that strictly forbids this.

You might think Bloomberg would be less-than-strict about enforcing this (who wants to sue their customer?) until you realize that “we’ll forgive the breach of contract if you buy accounts for everyone we caught cheating” is a very lucrative sales tool.

IME with a small sample of Bloomberg sales reps, they're glad to look the other way from a little funny business. They want to sheer the sheep, not skin them.

With concurrent access restrictions, this is not likely to get you far.

How would people log in from outside the office?

There is a service called "Bloomberg Anywhere" where there is a portable fingerprint reader to log into a browser-based Bloomberg Terminal rather than the dedicated-server version.

The reader does not need to plug into your computer. Instead, it reads data from your monitor optically (flashing) and your fingerprint to give you a one-time code.

Right, I used to work there.

What I mean is, what would a cheating company with a “fingerprint guy“ do when a legitimate user needs to log in remotely? (What if the fingerprint guy got sick, or quit?)

High availability cluster of fingerprint guys, naturally.

Personally, I run 2 clusters of 5 nodes each, in geographically disparate zones.

There are some shared infrastructure dependencies that aren't redundant, but generally speaking the system can survive loss of multiple nodes and/or an entire site.

I'd give the fingerprint guy the B-Unit Android App, which only takes a static QR code as input. Others could send him a screenshot, and get the log-in approved remotely.