O'Reilly logo

Identity and Data Security for Web Development by Tim Messerschmidt, Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Alternate Methods of Identification

Because of the heavy intersection between mobile devices, desktop clients, and a new breed of connected hardware out of the Internet of Things, the demand for a new class of authentication and authorization technology is on the rise. This chapter covers upcoming standards such as FIDO that enable covering multiple form factors and are able to scale beyond software-based authentication technology.

Device and Browser Fingerprinting

Next to regular authentication and authorization scenarios, device and browser fingerprinting allows for a more passive way to identify users across a big target group. Applications like Am I Unique? are broadly available and can leverage many factors in order to determine whether a user is unique.

When performing device and browser fingerprinting, the user is usually tested against some very general and broad factors—such as the device’s platform, the current browser, or whether cookies are enabled on the device—and then against more granular and subtle determinants, like the device’s resolution, time zone, the browser’s enabled plug-ins, or user agent. When Flash is enabled, services like Am I Unique? or Panopticlick are even able to obtain a list of currently installed fonts.

Eight factors can be concatenated and lead to a browser’s fingerprint (Table 5-1).

Table 5-1. Browser measurements to determine uniqueness
Variable Obtained through

User Agent

HTTP

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required