Doing security checks

Access based on context

A mobile phone is tilted, putting it in to sleep mode.

Description

Access to data is based on what someone is currently doing. This is measured by sensors on devices like gyroscopes, accelerometers or GPS.

For example, a phone automatically locks when someone puts it down.

IF thinks this is a useful pattern because it makes devices more secure without making it more complicated. Be mindful about interpreting sensor data, for example phones may lock because they sense someone is driving when actually they’re travelling on the bus.

Advantages

  • Remains convenient while offering some security for most users
  • Removes friction and automates common actions
  • In most cases, this pattern is (and should) be implemented as an optional service that people can enable or disable

Limitations

  • Matching sensor data to actual activity can be error prone. This can lead to a higher rate of access than may be intended.
  • People manage their settings depending on perceived risk. For example, setting your phone to stay unlocked while at home might make it possible for guests in your home to access information on it.

Examples