The emergence of the mobile Internet, highly available cloud services, and mobile phones with rich on-phone sensing capabilities have significantly changed the landscape of mobile computing. Mobile Internet is gaining popularity with such magnitude that the number of users that connect to the Internet using mobile devices is expected to exceed that of desktop PCs within the few years.
Current security mechanisms that use passwords are appropriate for keyboard-equipped desktop PCs, but inconvenient for most mobile devices that typically have a much smaller form factor. As a best practice, secure websites unanimously enforce, or at least advise, the use of strong passwords that require both a minimum password length and diversity on the character set used (e.g., characters are a mix of upper and lower case letters, digits and non-alphanumeric characters). Stronger passwords improve security. However, it further increases the difficulty of inputting password on a mobile device, which usability drawbacks may eventually result in users counteracting practices, and hence, fail the original goal of security.