The term “user authentication” may refer to a process by which the identity of a user is confirmed prior to providing the user, or a device associated with the user, with access to one or more resources. For example, one common method for authenticating a user before providing services in association with a particular account is to require the user to input a password that has been associated with the account by the owner thereof. The user may also be required to provide an identifier (ID) of the account itself (sometimes called the “user ID”). Since, in theory, only the owner of the account knows both the user ID and the password, the providing of these credentials may be deemed sufficient to authenticate the user.
When user authentication is performed via the Internet, a user is often required to enter such credentials into a graphical user interface (GUI) of a Web browser or other application running on an Internet-enabled device. The GUI is typically rendered to a rich display associated with the device (e.g., a monitor connected to a computer, a display of a laptop computer or smart phone, a television connected to a gaming console, etc.). The user may enter the credentials using an input device such as a keyboard, touchscreen, game controller, or the like, depending on the device being used to perform user authentication.
Wearable computing devices with wireless networking capabilities are now becoming more and more prevalent. These devices include, for example, head-mounted computing devices such as Google's GLASS™, smart watches such as Apple's APPLE WATCH™, and personal fitness devices such as Microsoft's MICROSOFT BAND™ and Fitbit's FITBIT® activity tracking devices. It may be deemed necessary or desirable to authenticate a user to ensure that he or she is the actual owner of a particular wearable device before providing the wearable device with access to resources on behalf of the user. However, due to their small form factors, many wearable computing devices have very limited user interfaces, both in terms of display capabilities and user input capabilities. For this reason, it can be difficult or even impossible to conduct user authentication via these devices using traditional methods such as that described above, in which user credentials are entered into a GUI rendered to a rich display. A similar issue may arise with respect to embedded computing devices, such as those used to implement the Internet of Things (IoT). Many of these embedded computing devices do not include the rich display and/or user input capabilities necessary to enable a user to enter user credentials in the aforementioned manner.
In some scenarios, a user may own a device that can act as a credential of the user for the purposes of user authentication. For example, the device may be configured to automatically receive and respond to a security challenge on behalf of the user. In such a scenario, the user may not have a password or other user-input-based credential since the device satisfies the need for a credential. If this is the case, there may be no way for the user to authenticate another device via which the user wishes to obtain access to resources.