I. Introduction
Mobile devices have become one of the most prevalent and widely used technologies of our time. Most mobile applications require and store private information about the user that could be used for malicious and fraudulent behavior if obtained by impostors. Modern devices present the option of a security mechanism such as a PIN, password or pattern. However, recent research has shown that such security mechanisms can be bypassed through a variety of forgery attacks, such as the smudge attack [1]. Furthermore, whilst these mechanisms provide a layer of device security, they do not persist for the duration of device usage meaning that once a user has been logged in there are typically no other security checks. Lastly, research has suggested that many users see a security mechanism as an inconvenience [2] and may disable the functionality entirely.