Mobile Device based Authentication

Smartphones now-a-days are used mainly for surfing the web, checking social networks or playing games than making a phone call, which is only the fifth most frequent activity [5]. This means that users trust their smartphones to store and access sensitive data, ranging from contacts to financial details [3] (indeed 35% use their devices for online banking [2]). Moreover, a typical user now has around 25 accounts but only 6.5 unique [9] but not-so-strong passwords [1] to protect these accounts. At the same time, smartphones are prone to loss: a 2012 report by the Pew Internet Project estimated that nearly a third of cell phone users have had a device lost or stolen [6]. Still 35% of the users do not lock their smartphones [16] which can put all their accounts and sensitive information at risk. The main reason behind this lazy locking behavior is the need of unlocking their devices around 110 times a day [4]. However, users want to preserve their privacy from strangers or family members [3], but they also crave for fewer taps to access their desired information. This eternal trade-off between usability and security can be resolved if we have implicit authentication system powered by higher level of security. So, to solve this, different online services are using two-factor authentication to make the security tighter.