Computing systems such as mobile telephones, laptop and tablet computers, and desktop computers may enter a locked state when not in use. The locked state may occur when a user has been away for a predetermined amount of time, or when a user manually controls the computing system to enter the locked state, for example. In order to unlock and use the computing system, the user generally must enter a full password.
Such computing systems are often used many times throughout the day, and a single period of use may be referred to as a “session”. Individual sessions may vary in length. Sessions may be relatively long (e.g., reading and responding to email), generally having relatively long breaks between sessions. Sessions may also be relatively short (e.g., quick checks of weather, sports scores, or a calendar), often occurring in rapid succession. For example, a user may check a calendar, re-check the calendar, send a quick instant or text message, check a sports score, and recheck a sports score within a matter of a few minutes.
Both long and short sessions typically require the same amount of authentication—namely, entry of a full password. This generally results in either poor security due to short passwords or inconvenience due to long passwords or personal identification numbers for rapid unlocks. Accordingly, an approach to authentication that overcomes these disadvantages may be beneficial.