![[article image]](https://cacm.acm.org/system/assets/0003/8788/121620_CACMpg47_The-Identity-In.large.jpg?1608154066&1608154066 "mobile phone with facial recognition feature")
Most every technology practitioner has a smartphone of some sort. Around the world cellular connectivity is more ubiquitous than clean, running water. With their smartphones, owners can do their banking, interact with their local government, shop for day-to-day essentials, or simply keep in touch with their loved ones around the globe.
It's this ubiquity that introduces interesting security challenges and opportunities. Not even 10 years ago, a concept like biometric authentication was a novelty, reserved only for specialized applications in government and the financial services industry. Today you would be hard-pressed to find users who have not had the experience of unlocking their phones with a fingerprint, or more recently by simply looking at the display. But there is more to the picture than meets the (camera's) eye: Deep beneath layers of glitzy user interfaces, there is a world of secure processors, hardware-backed key storage, and user-identity management that drives this deceptively simple capability.