User Agent change impact to Remember Device and Intelligent Authentication in Symantec VIP
search cancel

User Agent change impact to Remember Device and Intelligent Authentication in Symantec VIP

book

Article ID: 263860

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

What will be the impact of the User Agent change to User Agent client hints and its impact to Remember Device and Intelligent Authentication in Symantec VIP?

***Broadcom has decided to add the user agent changes in the August maintenance release.***

Cause

Google is introducing a privacy sandbox to help users get control of their privacy and make it more difficult for websites to uniquely identify the device that a user is using, without the user providing explicit approval for the website to gather that information:

https://www.chromium.org/Home/chromium-privacy/privacy-sandbox

One of the Proposed changes include, but are not limited to:

Returning a plain vanilla user agent string which exposes minimal identifying client information to a server.

Google is rolling this out as a series of projects and changes to Google Chrome. Additionally, Google is spearheading a push to create standards around this, which other browser clients can adopt. Other browser vendors, such as Mozilla, are looking at adopting some of these changes and standards. Currently, these strings (called User-Agent Client Hints) are incorporated into the Google Chrome and Microsoft Edge browsers. The Apple Safari and Mozilla Firefox browsers do not support User-Agent Client Hints currently, but may incorporate this standard sometime in the future. This is still an active area of development, change, and standardization and, as such, will change over time.

Resolution

With the August 2023 release of Symantec VIP Authentication Services (VIP Cloud), VIP will support User-Agent Client Hints in the Chrome and Edge browsers. The information in the User-Agent Client Hint is used primarily as risk assessment. VIP uses the hint to try to determine if a device tag has been copied from one device to another, thereby representing a potential attack or an attempt to circumvent the fraud detection system. Users on the Chrome, Firefox, and Safari browsers should not be impacted by this change. Users on the Edge browser may be prompted for second-factor authentication the first time that they log in after the April release, even if they have chosen Remembered Device. After authenticating for the first time and remembering the device again, these users should see no change going forward.

Note-: Firefox and Safari browser does not support the User-Agent Client Hints as of now and once they do we will evaluate and update this KB article if there will be any impact.

Additional Information

More information on User Agent Client Hints can be found here.

The August Release Notes: What's new in VIP Authentication Services 2023.August.01