A technique is described that determines if a request for authentication is made on the mobile device belonging to the authorized user by examining non confidential memory parameters of the mobile device, for example a total free memory, or a number of stored phone numbers. The technique examines past authorized user values for the memory parameters and performs a statistical analysis and projects a current memory range for each of the parameters for the authorized user. The projection may include factors such as the amount of time elapsed since the mobile device was acquired, the normal variation over a day, a week, a month or a year, and cyclic variations such as many new applications during a specific month each year. The projection may also include baseline variations which may be provided by analysis of a large number of different people. If the device used for the authorization request has memory parameters different from the projected range of authorized user values, then authorization may be refused.