As recent incidents have shown, weak passwords are a severe security risk for authenticating users and granting access to protected resources. Additionally, strong passwords score low on usability, especially on mobile devices. In this work, we present SmartAuth, a scalable context-aware authentication framework built on top of OpenAM, a state-of-practice identity and access management suite. It uses adaptive and dynamic context fingerprinting based on Hoeffding trees to continuously ascertain whether a user’s identity is authentic or not, and it respects privacy preferences by adopting consent-driven use of context information. We assess our approach from both an offensive and defensive security perspective. Our results show that dynamic context fingerprinting has good potential for a zero-interaction authentication scheme, with a minimal performance overhead compared to traditional authentication schemes. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security a...