Progressive Authentication: Deciding When to Authenticate on Mobile Phones
Mobile users often face a trade-off between security and convenience. Either they use no security lock and risk compromising their data, or they use one and must authenticate every time they use the device. Rather than exploring a new authentication scheme, the authors address the problem of deciding when to surface authentication and for which applications. They believe that reducing the number of times a user is asked to authenticate lowers the barrier to entry for users who currently do not use any security. Progressive authentication, the approach they propose, combines multiple signals (biometric, continuity and possession) to determine a level of confidence in a user’s authenticity.
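The sketch below is an added illustration, not the authors' implementation: it shows one way a device could turn the three signal types into a confidence level and prompt only when an application needs more than the current level. The noisy-OR combination, the per-signal half-lives, the application thresholds and all sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Signal:
    kind: str           # "biometric", "continuity" or "possession"
    confidence: float   # 0..1 at the moment the signal was observed
    observed_at: float  # seconds on a monotonic clock
    half_life_s: float  # assumed: how fast trust in this signal decays

    def current(self, now: float) -> float:
        """Confidence after decay; future timestamps are treated as age 0."""
        age = max(0.0, now - self.observed_at)
        clamped = min(1.0, max(0.0, self.confidence))
        return clamped * 0.5 ** (age / self.half_life_s)

def combined_confidence(signals, now: float) -> float:
    """Noisy-OR over decayed signals (assumes independence); no signals gives 0.0."""
    return 1.0 - prod(1.0 - s.current(now) for s in signals)

# Hypothetical per-application requirements (constructed).
REQUIRED = {"weather": 0.0, "email": 0.6, "banking": 0.9}

def needs_auth(app: str, signals, now: float) -> bool:
    """True when the user must be prompted before opening `app`.
    Applications missing from the policy fail closed (require 1.0)."""
    return combined_confidence(signals, now) < REQUIRED.get(app, 1.0)

# Constructed sample state at time NOW.
NOW = 1000.0
SAMPLE = [
    Signal("biometric", 0.7, NOW, 60.0),         # recent face match
    Signal("possession", 0.5, NOW, 300.0),       # paired wearable in range
    Signal("continuity", 0.8, NOW - 120, 120.0), # in use since last unlock
]

if __name__ == "__main__":
    for t in (NOW, NOW + 600):
        level = combined_confidence(SAMPLE, t)
        prompts = {app: needs_auth(app, SAMPLE, t) for app in REQUIRED}
        print(f"t={t:.0f} confidence={level:.3f} prompt={prompts}")
```

With the sample state the banking application opens without a prompt while the signals are fresh, and ten minutes later only the weather application still does.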