A method, system, computer program product, and method of doing business by improving security of a computing device. Continuous authentication of a user of the computing device, which may be (for example) a portable or personal computing device (also known as a "pervasive computing device"), is performed. The disclosed techniques also improve the security of operations or transactions carried out with such computing devices. Biometric sensors are preferably used for obtaining identifying information from users of computing devices, and this obtained information is compared to previously-stored biometric information which identifies the legitimate owner of the device. If the information matches, then it can be assumed that this user is the device owner, and a security-sensitive transaction is allowed to proceed so long as the biometric input is uninterrupted. Otherwise, when the obtained information does not match, or when there is an interruption in the biometric input, then the device may be in the wrongful possession of an impostor. A transaction may therefore be prevented or aborted, or in other cases perhaps simply marked as suspect or not authenticated; or, it may be desirable to completely deactivate the computing device.