Securing mobile devices against unauthorized access has become more important as these devices become more widely used and as they are increasingly being used to store sensitive data. Devices such as mobile phones, laptops, tablet computers, music and video players, and electronic book (eBook) reader devices now routinely contain personal data, and often contain confidential business information. In addition, these devices often contain further security-related information, such as cached logins and passcodes, that can allow others to access to even more personal or confidential data.
If a user is concerned about the consequences of a mobile device falling into the wrong hands, the device can often be configured to require a passcode to be entered prior to device operation. However, passcodes have notorious weaknesses, especially when selected or used carelessly.
One of the biggest problems with relying on passcode protection is that users often select passcodes based on some easily obtainable personal data. For example, users often select a passcode that is derived from their birth date or some other date that is significant to them. This makes it relatively easy for someone else to eventually find the right passcode through trial and error.
In order to make it more difficult for someone to guess a passcode, many devices limit the number of attempts that can be made to authenticate with a mobile device. For example, a device might allow ten attempts to provide a correct passcode, and after entry of the tenth invalid passcode might permanently lock the device or erase all of its contents.
This type of scheme is effective, but sometimes creates problems for a legitimate user who has simply forgotten his or her passcode. Erasing or resetting a device in this situation might create a huge inconvenience, and in some cases might cause the irretrievable loss of important data.