Modern Authentication Schemes in Smartphones and IoT Devices: An Empirical Survey

User authentication remains a challenging issue, despite the existence of a large number of proposed solutions, such as traditional text-based, graphical-based, biometrics-based, Web-based, and hardware-based schemes. For example, some of these schemes are not suitable for deployment in an Internet of Things (IoT) setting, partly due to the hardware and/or software constraints of IoT devices. The increasing popularity and pervasiveness of IoT equipment in a broad range of settings reinforces the importance of ensuring the security and privacy of IoT devices. Therefore, in this article, we conduct a comprehensive literature review and an empirical study to gain an in-depth understanding of the different authentication schemes as well as their vulnerabilities and deficits against various types of cyberattacks when applied in IoT-based systems. Based on the identified limitations, we recommend several mitigation strategies and discuss the practical implications of our findings.