The widespread use of digital technologies in the private and working life of individuals led to a proliferation of online services that allow users to remotely store, access and share both personal and corporate sensitive data, from different physical places and from a variety of devices. This trend is re-shaping many aspects of individuals' life, such as people's working habits (e.g., through the bring-your-own-device - BYOD - policy) and healthcare services (e.g., automated collection of personal health data through wearable devices). Current authentication mechanisms for protecting the access to users' data, mainly based on passwords, are no more suitable to such novel usage scenarios, and to the corresponding security threats.