It is typical for a user to have access to several distinct user devices including at least one desktop, laptop or tablet computer terminal and a mobile telephone. The user may switch between such devices frequently throughout the day.
Access management in such contexts can be problematic. For example, authentication based on passwords or gestures can weaken security because users tend to choose weak passwords or gestures in order to gain convenience. Moreover, such approaches impose cognitive costs that negatively impact usability.
Physical biometric approaches such as fingerprint scanning or facial recognition often require expensive equipment and can raise privacy concerns. Other types of biometric approaches such as implicit authentication based on behavioral biometrics arguably avoid these issues, but attackers can defeat such arrangements by imitating user behavior.
Other approaches rely on the presence of one or more physical tokens to gain access to user device, but such approaches can be unduly burdensome because users need to carry a particular predetermined set of one or more physical tokens with them in order to obtain access to their devices.
Deauthentication is also an issue in these and other contexts. For example, automatic relocking of user devices after a timeout period of non-use is generally based on user-controllable settings and, again in order to gain convenience, users will tend to set such timeout periods to extended lengths that can undermine security.
Also, in some automatic authentication approaches, manual deauthentication is required, which negatively impacts usability.
Accordingly, a need exists for techniques that address the security and usability problems associated with conventional access management.