Providing a secure login mechanism for your users is harder than on the Web. The trend on mobile devices is to make things as easy as possible for the user. Mobile keyboards are also small, so it’s unlikely that someone is going to enter more than six characters to log in to an app.
But if you make it too easy to log in to your app, you run the risk of unauthorized users gaining access to sensitive data by going around this authentication.
The following tokens are common on Android devices as part of the login process:
Username and password
Device information, such as DeviceID and AndroidID
Network information, such as IP address ...