Fingerprint module
The Fingerprint module stores the device fingerprints of user requests. It also calculates the risk score of the actual request based on the historical data of previous requests of the same user.
If you use the nevisAdmin 4 pattern nevisAdapt Authentication Connector, the calculation of the fingerprint is integrated automatically. In all other cases, make sure your login page is instrumented correctly.
The Fingerprint module uses the following analyzers to calculate the risk score for a specific user:
- Fingerprint analyzer: This analyzer counts the number of times a user uses the same device/browser to access an application (one count per session).
- Fingerprint sharing analyzer: This analyzer checks if any other user uses the same device/browser.
The currently supported fingerprint technology is FingerprintJS 2. This technology creates a fingerprint in JavaScript based on device information. The fingerprint is sent via hidden field(s) in the HTML form. The tested and recommended version of FingerprintJS 2 is 2.1.0.
For more information about the fingerprint technology and its configuration, see its website: FingerprintJS.The device fingerprint script collects the following information by default (effectively browser-independent variables):
- Available screen resolution
- "Has Lied" flags: browser, languages, operating system, resolution
- Indexed database
- Language (but not locale)
- Local storage
- Platform
- Screen resolution
- Session storage
- Touch support
- WebGL vendor and renderer
This is the complete list of all available components in the FingerprintJS 2 library:
- userAgent
- webdriver
- language
- colorDepth
- deviceMemory
- pixelRatio
- hardwareConcurrency
- screenResolution
- availableScreenResolution
- timezoneOffset
- timezone
- sessionStorage
- localStorage
- indexedDb
- addBehavior
- openDatabase
- cpuClass
- platform
- doNotTrack
- plugins
- canvas
- webgl
- webglVendorAndRenderer
- adBlock
- hasLiedLanguages
- hasLiedResolution
- hasLiedOs
- hasLiedBrowser
- touchSupport
- fonts
- fontsFlash
- audio
- enumerateDevices
You can customize the JavaScript to collect more information or to exclude certain information from being collected. If you do so, consider the following:
- Too many attributes can result in false positives. For example, suppose the browser version is part of the collected attribute list. Now every time a user upgrades his browser, the fingerprint of his device will change (because of the different browser version), leading to a high risk score of the user's next HTTP request.
- Collecting only a few attributes can increase the number of false positives in the risk calculation of the fingerprint sharing analyzer.
It is therefore recommended collecting only device-specific attributes for the fingerprint analysis. In case of many false positives, ignore the risk score calculated by the fingerprint sharing analyzer.