|Applies To||The short answer is Yes. Below are more details derived from the latest "Data Gathering Techniques Guide" which can obtained from RSA Secure Care Online(SCOL).|
Browser cookies are used to identify devices attempting to access a system protected by RSA Adaptive Authentication or Transaction Monitoring. The User ID is used to identify the user and the cookie is used to identify the user?s device.
|Issue||NCUA Auditors will ask standard questions to our customers, one question that has been seen repeatedly is |
"Does the device authentication solution utilize cookies not susceptible to copying?"
Implementing the Browser Cookie with the Anti-Theft Feature
To protect against cookie theft, the browser must change the cookie data on each request. This scenario supports two modes: reading the browser cookie, and writing or updating the cookie.
Important: The cookie anti-theft feature is only available for organizations using the Anti-Intrusion model.
|Legacy Article ID||a61458|