When and how to authenticate
Usable authentication on mobile devices faces different challenges compared to traditional computers. For example, due to the constrained user interface, traditional passwords are awkward at best. Auxiliary hardware is generally cumbersome, but even more so for users on the go. We believe in the need for a new approach to authenticating users. Extending the traditional authentication paradigm beyond “what you have - what you know - what you are,” we propose that “what you do” is a practical way to control access. We refer to this as implicit authentication, which identifies users by their habits, as opposed to their belongings, memorized data, and biometrics.
Chow, R.; Shi, E. When and how to authenticate. Chapter in The Death of The Internet by Markus Jakobsson, to be published in June 2012 by Wiley.