We design privacy-preserving protocols for Scaled Manhattan and Scaled Euclidean verifiers, secure against malicious clients and honest-but-curious server. We then augment our protocols with principal component analysis (PCA), which can help improve authentication accuracy. We evaluate the performance of our protocols on an emerging application—namely, continuous authentication of smartphone users. We compare the performance of protocols secure under the malicious client model, with three protocols secure in the honest-but-curious model. We report tradeoffs between computation overhead, communication cost, and authentication accuracy. Our key observations are: 1) Scaled Manhattan without PCA gives the best tradeoff between security, accuracy, and overhead; and 2) with PCA, memory availability on current smartphones limits the number of features that can be used with Scaled Manhattan, and prevents the Scaled Euclidean protocol from running. Our extended evaluation on a laptop client shows that PCA with both Scaled Manhattan and Scaled Euclidean verifiers is feasible given sufficient memory.