A human may attempt to access a protected resource using a smart phone. Suitable protected resources include login access to an account on a remote server, access to remotely stored content, and virtual private network (VPN) access to name a few.
Prior to obtaining access to the protected resource, the human may be required to successfully authenticate with an authentication server. For example, the human may be required to supply a valid username and password to the authentication server. If the authentication server determines that the supplied username and password correctly match an expected username and password for the human, the authentication server allows the human to access the protected resource using the smart phone. However, if the authentication server determines that the supplied username and password does not match the expected username and password for the human, the authentication server denies access to the protected resource.