I am developing a PHP web application. I want users to sign in with the same device that they used for registration and restrict the users coming with a different device. So, I need a device fingerprint method that does not change often. While using a device fingerprint system to authenticate the user, the user should not disappointed with the system due to general changes from the client side such as software updates, changing the browser, or clearing history and cookies.
Google and Facebook show our device information and they can perfectly say this is the device last I logged in. I need a method something like that.
I have searched this in Google, Bard, Chat GPT, and Stack Overflow. But I didn't get the right answer. I cannot use the User Agent or localStorage because they can be changed in some situations. I need a device ID such as a MAC address, but I got to know that it is not possible.
The simple answer is : You can't !
For the privacy and security matters, you're not allowed to access user device other than standard ways like IP, user agent, cookie, session, etc. But if your users are willing to install some extension or app, you may have a chance to control their device more accurately.
No need to say that expertise users still can easily manipulate your code from their side, and even Google or Facebook can't control users behavior this much, and you can simply change your user agent to show them different device.