What's the most reliable way to detect if the user is logging in from a different device than usual?

心在旅途 2021-02-15 13:39

I suspect we're all familiar with how Facebook and Google and the like detect if you're using a different device than usual, I was wondering what the most reliable way to do t

1 answer
  •  鱼传尺愫
    2021-02-15 13:55

    The most reliable way to detect a device change is to create a fingerprint of the browser/device the browser is running on. This is a complex topic to get 100% right, and there are commercial offerings that are pretty darn good but not flawless. I worked at one of those companies several years ago.

    There is now at least one open source fingerprinting project, Client JS. I have not used it, but it seems to cover the bases.

    Just setting a cookie is not very reliable because on average users clear cookies about every 30-45 days unless you use a network that attempts to re-set the cookie (paid services). Even those are not flawless.

    Just using the IP address is useless. Some devices legitimately have many IPs in a short period of time (laptop at home, work and Starbucks or most any mobile device), while sometimes a single IP is shared by a large number of users (all the folks at Starbucks or behind a corporate proxy server).

    UPDATE

    Thoughts on your similar hash code.

    It is a complex topic to get right. I had a small team for a few years. We got pretty darn good, but you can never be 100% accurate even when people are not intentionally trying to trick you.

    • If the CPU changes, it's probably a different device.
    • The same physical device can have many user agents. Each browser on the device has a different user agent, and the privacy modes of browsers have different user agents with far less entropy.
    • Fonts don't change very quickly for a given physical device, though they're not a great source of entropy on mobile devices (few fonts installed, and typically all the same ones for a given type of device).
    • OS is generally stable, until it suddenly changes. Does it matter in your case if every device appears to be a new device when it updates to Windows 10?
    • Color depth will be pretty stable. If the user installs a new graphics card, this may change. Does that matter in your case?

    If you can accept thinking some devices are new when in fact they are the same and vice-versa, this type of similarity hash may work for you. Note that you can never use this type of fingerprint to uniquely identify a device for a purpose that requires positive identification such as access to secure data. It's great for making probabilistic decisions such as serving an appropriate ad.

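The similarity comparison discussed in the answer above, sketched as an added example that is not part of the original answer or of any fingerprinting library. The attribute names, weights, threshold and sample fingerprints are assumptions chosen to mirror the answer's bullet points (CPU weighted heavily, user agent lightly, an OS upgrade counted as a partial match).

```javascript
// Added example: weights and threshold are illustrative assumptions, not tuned values.
const WEIGHTS = { cpu: 0.35, fonts: 0.30, os: 0.15, colorDepth: 0.10, userAgent: 0.10 };
const SAME_DEVICE_THRESHOLD = 0.7;

// Jaccard similarity of two font lists: |A ∩ B| / |A ∪ B|.
function jaccard(a, b) {
  const setA = new Set(a), setB = new Set(b);
  if (setA.size === 0 && setB.size === 0) return 1;
  let shared = 0;
  for (const item of setA) if (setB.has(item)) shared++;
  return shared / (setA.size + setB.size - shared);
}

// OS: full credit for identical family and version, partial credit when only
// the version changed (an upgrade on the same machine), none otherwise.
function osSimilarity(a, b) {
  if (a.family !== b.family) return 0;
  return a.version === b.version ? 1 : 0.5;
}

// Returns a score in [0, 1]; higher means "more likely the same device".
function deviceSimilarity(known, current) {
  const parts = {
    cpu: known.cpu === current.cpu ? 1 : 0,
    fonts: jaccard(known.fonts, current.fonts),
    os: osSimilarity(known.os, current.os),
    colorDepth: known.colorDepth === current.colorDepth ? 1 : 0,
    userAgent: known.userAgent === current.userAgent ? 1 : 0,
  };
  let score = 0;
  for (const key of Object.keys(WEIGHTS)) score += WEIGHTS[key] * parts[key];
  return score;
}

// A probabilistic hint only: a low score should trigger extra verification,
// and a high score must never replace authentication.
function classifyLogin(known, current) {
  const score = deviceSimilarity(known, current);
  return { score, verdict: score >= SAME_DEVICE_THRESHOLD ? "likely_same" : "likely_new" };
}

// Constructed sample fingerprints (not real device data).
const stored = { cpu: "x86_64/8", fonts: ["Arial", "Calibri", "Consolas", "Segoe UI"],
  os: { family: "Windows", version: "8.1" }, colorDepth: 24, userAgent: "UA-browser-A" };
const afterUpgrade = { ...stored, os: { family: "Windows", version: "10" },
  fonts: [...stored.fonts, "Bahnschrift"], userAgent: "UA-browser-B" };
const otherDevice = { cpu: "arm64/6", fonts: ["Helvetica", "Arial"],
  os: { family: "iOS", version: "14" }, colorDepth: 32, userAgent: "UA-mobile" };
```

With these assumed weights, the same machine after an OS upgrade and a browser switch still scores above the threshold, while the unrelated device scores near zero and would be routed to additional verification.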