Version: 1.15.x.x RR

Fingerprint module

The Fingerprint module stores the device fingerprints of user requests. It also calculates the risk score of the current request based on the historical data of previous requests of the same user.

If you use the nevisAdmin 4 pattern nevisAdapt Authentication Connector, the calculation of the fingerprint is integrated automatically. In all other cases, make sure your login page is instrumented correctly.

The Fingerprint module uses the following analyzers to calculate the risk score for a specific user:

  • Fingerprint analyzer: This analyzer counts the number of times a user uses the same device to access an application (one count per session).
  • Browser fingerprint analyzer: This analyzer counts the number of times a user uses the same browser configuration to access an application (one count per session).
  • Fingerprint sharing analyzer: This analyzer checks if any other user uses the same browser configuration.

The currently supported fingerprint technology is FingerprintJS 2. This technology creates a fingerprint in JavaScript based on device information. The fingerprint is sent via hidden field(s) in the HTML form. The tested and recommended version of FingerprintJS 2 is 2.1.0.

For more information about the fingerprint technology and its configuration, see its website: FingerprintJS.

The device fingerprint script collects the following information by default (effectively browser-independent variables):

  • Available screen resolution
  • "Has Lied" flags: browser, languages, operating system, resolution
  • Indexed database
  • Language (but not locale)
  • Local storage
  • Platform
  • Screen resolution
  • Session storage
  • Touch support
  • WebGL vendor and renderer

The browser fingerprint script collects all but two components (canvas and webgl), making the browser fingerprint more likely to be unique and more subject to change between sessions.

This is the complete list of all available components in the FingerprintJS 2 library:

  • userAgent
  • webdriver
  • language
  • colorDepth
  • deviceMemory
  • pixelRatio
  • hardwareConcurrency
  • screenResolution
  • availableScreenResolution
  • timezoneOffset
  • timezone
  • sessionStorage
  • localStorage
  • indexedDb
  • addBehavior
  • openDatabase
  • cpuClass
  • platform
  • doNotTrack
  • plugins
  • canvas
  • webgl
  • webglVendorAndRenderer
  • adBlock
  • hasLiedLanguages
  • hasLiedResolution
  • hasLiedOs
  • hasLiedBrowser
  • touchSupport
  • fonts
  • fontsFlash
  • audio
  • enumerateDevices

You can customize the JavaScript to collect more information or to exclude certain information from being collected. If you do so, keep in mind that too many attributes can result in false positives.

For example, suppose the browser version is part of the collected attribute list. Every time a user upgrades their browser, any fingerprint that relies on this information changes (because of the different browser version). If the browser version was included in the device fingerprint, this can lead to a high risk score for the user's next HTTP request.

It is therefore recommended to collect only device-specific attributes for the device fingerprint analysis, while browser fingerprints can include more items.
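The following sketch illustrates the recommendation above. It is an added example, not code from nevisAdapt or FingerprintJS: it builds the `excludes` option for `Fingerprint2.get()` from the component list and shows that a browser upgrade changes the browser fingerprint but not the device fingerprint. Assumptions: the mapping of the default device attributes to component keys, the FNV-1a hash used as a stand-in for the library's own hash, and the constructed sample values.

```javascript
// Component keys as listed on this page for FingerprintJS 2.
const ALL_COMPONENTS = ['userAgent', 'webdriver', 'language', 'colorDepth', 'deviceMemory',
  'pixelRatio', 'hardwareConcurrency', 'screenResolution', 'availableScreenResolution',
  'timezoneOffset', 'timezone', 'sessionStorage', 'localStorage', 'indexedDb', 'addBehavior',
  'openDatabase', 'cpuClass', 'platform', 'doNotTrack', 'plugins', 'canvas', 'webgl',
  'webglVendorAndRenderer', 'adBlock', 'hasLiedLanguages', 'hasLiedResolution', 'hasLiedOs',
  'hasLiedBrowser', 'touchSupport', 'fonts', 'fontsFlash', 'audio', 'enumerateDevices'];

// Assumed mapping of the default device attributes to component keys.
const DEVICE_KEYS = ['availableScreenResolution', 'hasLiedBrowser', 'hasLiedLanguages',
  'hasLiedOs', 'hasLiedResolution', 'indexedDb', 'language', 'localStorage', 'platform',
  'screenResolution', 'sessionStorage', 'touchSupport', 'webglVendorAndRenderer'];
// Browser fingerprint: every component except canvas and webgl.
const BROWSER_KEYS = ALL_COMPONENTS.filter(k => k !== 'canvas' && k !== 'webgl');

// Build the `excludes` option for Fingerprint2.get(): every key that is not wanted.
function buildExcludes(wanted) {
  const excludes = {};
  for (const key of ALL_COMPONENTS) if (!wanted.includes(key)) excludes[key] = true;
  return excludes;
}

// FNV-1a (32-bit): stand-in hash so the example runs outside a browser.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Hash only the wanted components, in fixed order, from [{key, value}, ...].
function fingerprint(components, wanted) {
  const byKey = new Map(components.map(c => [c.key, c.value]));
  return fnv1a(wanted.map(k => `${k}=${JSON.stringify(byKey.get(k) ?? null)}`).join('|'));
}

// Constructed sample: same device, browser upgraded between two sessions.
const before = [
  { key: 'userAgent', value: 'ExampleBrowser/100.0' },
  { key: 'platform', value: 'Linux x86_64' },
  { key: 'language', value: 'en-US' },
  { key: 'screenResolution', value: [1920, 1080] },
  { key: 'touchSupport', value: [0, false, false] },
];
const after = before.map(c =>
  c.key === 'userAgent' ? { ...c, value: 'ExampleBrowser/101.0' } : c);
```

In the browser, the result of `buildExcludes(DEVICE_KEYS)` would be passed as `{ excludes: ... }` to `Fingerprint2.get()`, and the callback's component array takes the place of `before` and `after`.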