The persistent authentication is used only for applications that do not require very high security. It is recommended to configure the CryptoKey as class level property for the contract. The CryptoKey must be long and random to keep the user information secure.
For information about how to configure the persistent authentication, see Configuring Persistent Authentication in the NetIQ Access Manager Identity Server Guide.