Another option could be a hardware fingerprint,but i doubt they use it. Lots of “false positives” if user changes his hardware…