Nowadays, user authentication on mobile devices is principally based on a secret (e.g., password, PIN), while recently two-factors authentication methods have been proposed to make more secure such secret-based methods. Two-factors authentication methods typically combine knowledge factors with user’s characteristics or possessions, obtaining high authentication performances. In this paper, we propose a novel two-factors authentication method based on users’ cognitive skills. Cognitive abilities are caught through the users’ performance to small games, which replicated the classical attentional paradigms of cognitive psychology. In particular, we introduced three games that rely on selective attention, attentional switch and Stroop effect. While users were solving a game on their smartphones, we collected cognitive performance (in terms of accuracy and reaction times), touch features (interactions with touch screen), and sensors features (data from accelerometer and gyroscope). Results show that our cognitive-based games can be used as a two-factors authentication mechanism on smartphones. Relying on touch and sensors features as behavior biometrics, we are able to achieve an authentication accuracy of 97%, with a Equal Error Rate of 1.37%.