When my Samsung Gear™ 2 smart watch is near my Samsung Galaxy S® 5 phone (which it is except when I am charging the Gear, as I frequently am), the phone's lock screen can be bypassed. I see this as an example of the larger trend in which our things/devices, based on their location, sensing and inferences, will enable our authentication to other devices and online services.
Shown is the default lock screen for the phone. I've set it up to use a security pattern rather than a PIN.
Note to iPhone users: This screenshot is of an Android phone. It looks different, I know. Please don't be alarmed. Think of Android as an iPhone that you don't have to wait in line for.
This sort of authentication is local; i.e., the validation of the 'secret' (the pattern) is performed on the device and not on some server. It serves to bind the owner of the phone to that device, and prevents somebody else who might have physical access to the phone from thereby gaining access to the contents within.
Given the portability of phones (and the associated 'lose-ability') some level of local authentication is important--especially if that phone is being used for sensitive purposes; i.e., accessing financial data or as an additional authentication factor. Unfortunately, many users find repeated local logins overly burdensome (even a pattern and not a PIN) and so turn the feature off (barring an EMM imposing it).
Consequently, local authentication options that offer a more seamless UX are useful. One such alternative is a 'what you have' of some other device, such as a wristwatch. In the Gear Manager application on the S5, I can turn on the 'Auto lock' feature, whereby the presence of the Gear (when it is not being charged) can lock and unlock the phone.
When the Gear is near the phone, I need only swipe to get past the lock screen. This frees up valuable time that can be better spent charging up the Gear.
Don't wear a watch? No problem. The key criterion here is that the 'authentication device' be something that the user is likely to have with them (and so proximal to the 'application access device'). Why not a fitness tracker à la Fitbit, etc.? Or a ring? Or perhaps a jacket?
But, of course, the above scenarios probably imply the need for devices from different manufacturers to be able to negotiate the authentication interchange (as opposed to a Samsung watch talking to a Samsung phone). And this implies the need for a standard for this sort of cross-device authentication.