Federal Agencies should consider using multi factor authentication and risk based authentication, similar to what the mobile banking industry as adopted. The challenge with mobile devices, is that they can be easily lost, stolen or in some cases even hacked. Strong credential based authentication is not enough to stop unwanted access. Adding a risk- based challenge layer behind existing authentication can greatly increase the level of security minimal impact to the user experience. Techniques like device fingerprinting, Secondary Question/Answer Logic, One-Time Password (OTP), Behavior Profiling, and the use of Risk Based Data Mining are a few ideas for federal agencies to explore before exposing internal data to mobile devices.