Hi, The DeviceID is taken from browser cookie and the DDNA is created by our OOTB js file. The MFP can be intercepted by anyone. Even if someone has the MFP as well as the DeviceID, there are still other rules that will always force the user to INCREASEDAUTH/ MFA.
For example, DEVICEVELOCITY and many other rules.