This thesis examines countermeasures to digital replay attacks using existing consumer smart device technology. The current literature shows virtually no significant research on practical solutions to these attacks, which limits the ability to leverage such smart devices as biometric readers. Enhancing existing password-based authentication with biometrics has many positive benefits to users. The ultimate goal is that, one day, accessing online accounts will be as simple as looking at your phone.Current password-based authentication is complex, prone to error, and users find it difficult. Replacing passwords with hardware devices removes some of the complexity, but results in an accumulation of more devices (or tokens). Both of these forms of authentication have the same weakness: they only authenticate knowledge of the password, or possession of the token; they do not authenticate the actual person. Anyone with possession of your ATM card and PIN can withdraw money from your account, even though they are not you.Biometric systems promise to provide usable authentication that identifies you as a person. You benefit from additional security, and service providers benefit from being able to show who requested the service.Unfortunately, biometric systems have not experienced wide adoption, partly due to the expense of deploying biometric sensors. The widespread deployment of consumer smart devices now offers the opportunity to place biometric sensor devices in every user's hands with little or no additional expense. For example, the camera interface can capture face images of the user for authentication purposes.However, these devices cannot be fully trusted. Like many systems, they are many points within the system that attackers may attack to their advantage. Users often know of presentation or spoofing attacks due to their portrayal in popular movies. Nevertheless, defeating a face verification system by using a photograph, video, or mask in front of the camera is becoming much more difficult due to significant recent research efforts into anti-spoofing techniques. These techniques aim to distinguish live people from facsimile copies.Instead, if the attacker replaces the digital representation of the user's face with that of a different (but equally real) user's face, the anti-spoofing and liveness testing will all conclude that the digital signal is that of a real person. Thus, anti-spoofing technology completely fails to detect the forgery.These attacks are termed digital replay attacks as they replace the valid digital signal by replaying a previously obtained signal. Digital replay attacks are easy to implement, and may be widely automated using malicious software, such as viruses and trojan horses. Such attack automation uses the smart device to capture valid images of the victim for use elsewhere at a later time. This is in contrast to the spoofing attack, in which the attacker must carefully customise each attack for each intended victim.ii Currently, little practical research determines counterme...