Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access
Mobile Information Systems
Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they are also used to perform multiple security-sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On the positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. On the other side, however, they also pose security and privacy threats to the users' stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to researchers new to this domain, because several buzzwords, for example, active, continuous, implicit, static, and transparent, are introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect: usability. This paper surveys various types and ways of authentication, designed and developed primarily to secure access to smartphones, and attempts to clarify the correlated buzzwords, with the motivation of assisting new researchers in understanding the gist behind those concepts. We also present an assessment of existing user authentication schemes, exhibiting their security and usability issues.