Published on: 28 September 2021
From a user perspective, being forced to re-authenticate to a website can be a hassle, especially if the user has good password practices, like having a different long, unique password for each website. This increases the likelihood that the user can’t remember the password and must perform a password reset at a critical time, and sometimes users can’t complete the password reset either (for example, because they don’t remember the username either, or can’t remember the answer to a security question). However, meeting user demand for logins to persist for longer can create a risk to the user when they login from a browser that they share with others, like browsers on computers in hotel business centers, common living areas, or certain workplace computers. In those cases, keeping a user logged in may result in exposing that user’s account to the next person to use the same browser. Website operators want to give users the full login sessions they desire, but only when it’s safe to do so. Shape Recognize™ (the “Service”) helps them do that.
The Service works by assessing whether the visitor’s browser is likely to be shared by multiple individuals. If not, the website can keep the visitor logged in for the desired duration. If so, the website operator can require earlier re-authentication. This Privacy Statement applies to the data that the Service uses.
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the data about the customer’s users, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.
The Service collects data from the browsers and devices of visitors to the customer’s website. We use automated means to collect this data.
The Service uses the following data:
If a Service customer’s user is visiting the customer’s website from a non-unique Combination, Shape will alert the customer, who can choose to take defensive measures, such as requiring the user to log in again sooner than would normally be the case, especially prior to when the user engages in a logged-in activity that the customer determines should be private to the authentic user (like completing a purchase or reviewing account details).
To exercise your rights with respect to the customer data that F5 processes when providing the Service to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.