'Does the device authentication solution utilize cookies not susceptible to copying?'
The short answer is Yes. Below are more details derived from the latest "Data Gathering Techniques Guide" which can obtained from RSA Secure Care Online(SCOL).
Browser cookies are used to identify devices attempting to access a system protectedby RSA Adaptive Authentication or Transaction Monitoring. The User ID is used toidentify the user and the cookie is used to identify the user?s device.
NCUA Auditors will ask standard questions to our customers, one question that has been seen repeatedly is
"Does the device authentication solution utilize cookies not susceptible to copying?"
Implementing the Browser Cookie with the Anti-Theft Feature
To protect against cookie theft, the browser must change the cookie data on eachrequest. This scenario supports two modes: reading the browser cookie, and writing orupdating the cookie.
Important:The cookie anti-theft feature is only available for organizations using theAnti-Intrusion model.