The sites that deal with this sort of problem most frequently are, not surprisingly, porn sites. Username sharing there is fairly rampant.
The most effective solution, as I understand it, is to have your login scripts record username + IP address + datetime of login. If a single username logs in from too many different or widely spaced apart IP's in too short a timespan, the username gets blocked/cancelled. Alternatively, the username gets its password changed and the legitimate user must contact you to get the new password.
You could probably use IP-to-Geo services to get an idea of distance between logins and, using this, perhaps work out an algorithim to detect when a user has shared his login info.