Device Fingerprinting
Device fingerprinting is a technique that collects attributes from a user's browser or device to generate a unique or semi-unique identifier, used to recognize returning devices without relying on cookies or stored tokens.
Also: device fingerprint
Device fingerprinting gathers a combination of attributes from a user’s browser, operating system, and hardware to construct an identifier. Attributes commonly collected include screen resolution, installed fonts, browser plugins, language settings, time zone, and the results of canvas or WebGL rendering tests. Individually, each attribute is shared by many devices, but the combination narrows the field significantly.
Fingerprints serve multiple purposes in security. They help detect when a known account is accessed from an unfamiliar device, flag devices associated with prior fraud, and identify bots that lack the rendering characteristics of real browsers. Because fingerprinting does not depend on cookies, it persists across sessions even when users clear local storage.
Privacy considerations apply. Fingerprinting can track users without their knowledge, and regulations may classify the collected signals as personal data. Transparency and a clear lawful basis are necessary.
For CIAM, device fingerprinting feeds adaptive authentication and fraud scoring, helping the platform decide when to challenge a customer with additional verification.
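The sketch below is an added example, not code from this glossary or from any particular product. It shows server-side handling of collected attributes: how combining attributes shrinks the set of matching devices, how a keyed fingerprint is derived, and how the result feeds an adaptive-authentication decision. The sample devices, field names, key, and the allow/step_up/review labels are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample population: attribute sets as a browser-side collector might report them.
DEVICES = [
    {"screen": "1920x1080", "tz": "Europe/Berlin", "lang": "de-DE", "canvas": "a91f"},
    {"screen": "1920x1080", "tz": "Europe/Berlin", "lang": "en-US", "canvas": "a91f"},
    {"screen": "1920x1080", "tz": "America/New_York", "lang": "en-US", "canvas": "a91f"},
    {"screen": "1366x768", "tz": "America/New_York", "lang": "en-US", "canvas": "77c2"},
    {"screen": "1366x768", "tz": "America/New_York", "lang": "en-US", "canvas": "a91f"},
    {"screen": "1920x1080", "tz": "America/New_York", "lang": "en-US", "canvas": "77c2"},
]

SERVER_KEY = b"constructed-demo-key"  # assumption: a per-deployment secret held server-side


def fingerprint(attrs, key=SERVER_KEY):
    """Keyed hash over canonically ordered attributes, so raw signals need not be stored."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def anonymity_set(population, target, fields):
    """Count devices that share the target's values for every listed field."""
    return sum(all(d[f] == target[f] for f in fields) for d in population)


def decide(attrs, known_for_account, flagged):
    """Adaptive-authentication decision based on the device fingerprint.

    flagged: fingerprints tied to prior fraud; known_for_account: fingerprints
    already seen for this account. A match is a risk signal, not proof of identity.
    """
    fp = fingerprint(attrs)
    if fp in flagged:
        return "review"
    return "allow" if fp in known_for_account else "step_up"
```

Against the constructed population, the first device shares its screen resolution with four devices, its screen and time zone with two, and all three of screen, time zone and language with only itself.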