Device identification authentication like in google / facebook

How to identify user's device on authentication -- such that second factor auth (such as SMS) can be enforced if user is logging in from an unknown device? I've seen google and facebook has this feature, and they're not using a simple IP check -- if I have two devices on the same network, it can still detect if I tried logging in from an unknown device.

Especially on websites -- as far as I know we can only get user's IP, and other information on HTTP headers, but how do we identify the user's device securely?

Answers


You could use cookies - if the user doesn't have the appropriate cookie, then require a successful two factor authentication?

You could also consider browser fingerprinting in combination with IP address / geo-ip information for a more heuristic approach, though that would be a lot more complex to implement and likely more fragile.


Need Your Help

Objectiv-C: Get an objects class and cast the object to it dynamically

ios objective-c class casting

Let's say I have a collection of objects of different types/classes, i.e. an NSArray.

Zbar SDK returns some time no result with blurry image of Barcode

iphone ios ipad barcode-scanner zbar-sdk

I am using Zbar SDK to scan barcode. But sometimes it will not return the result because of Blurry image, I know the same question has been posted several times before, but didn't get any solution....

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.