Fingerprint module
The Fingerprint module stores the device fingerprints of user requests. It also calculates the risk score of the actual request based on the historical data of previous requests of the same user.
If you use the nevisAdmin 4 pattern nevisAdapt Authentication Connector, the calculation of the fingerprint is integrated automatically. In all other cases, make sure your login page is instrumented correctly.
The Fingerprint module uses the following analyzers to calculate the risk score for a specific user:
- Fingerprint analyzer: This analyzer counts the number of times a user uses the same device to access an application (one count per session).
- Browser fingerprint analyzer: This analyzer counts the number of times a user uses the same browser configuration to access an application (one count per session).
- Fingerprint sharing analyzer: This analyzer checks if any other user uses the same browser configuration.
The currently supported fingerprint technology are FingerprintJS 2 and 3. This technology creates a fingerprint in JavaScript based on device information. The fingerprint is sent via hidden field(s) in the HTML form. The tested and recommended versions of FingerprintJS are v2.1.0 and v3.3.6.
The device fingerprint script collects browser-independent information only. The browser fingerprint script collects all but one ('canvas'), making it more likely to be unique and more subject to change between sessions.
You can customize the JavaScript to collect more information or to exclude certain information from being collected. If you do so, consider, that too many attributes can result in false positives. For example, suppose the browser version is part of the collected attribute list. Now every time a user upgrades their browser, the fingerprint that relies on this information will also change, potentially leading to a high risk score of the user's next HTTP request (assuming it was included in the device fingerprint). It is therefore recommended collecting only device-specific attributes for the device fingerprint analysis, while browser fingerprints can include more items.
For more information about the fingerprint technology and its configuration, visit its website: FingerprintJS.