Sensor-based authentication technique embodiments are presented which generally employ sensor readings captured by a user's computing device (such as a mobile computing device like a cell phone, smart phone, PDA, and so on) to authenticate the user's access to a computer network-based service (such as a web-service) that is secured with traditional textual passwords. These traditional passwords are saved in an off-device password repository service. The aforementioned sensor readings are not cached on the user's computing device and are immediately streamed to the password repository service, where they are validated against a pre-arranged, known sensor-based password. If the validation succeeds, access to the password protected service is brokered by the password repository service on behalf of the user using the appropriate traditional password, and the user's computing device is granted access.