Web Services are improving rapidly and intended to provide exchanging of information between systems over the network. Many services are introduced to users as web services; therefore, high security solution is needed to protect users’ privacy and confidentiality. The need for strong security systems increases in case of mobile web services, since mobile users are more exposed to security threats. In this paper, we introduce and propose a biometric encryption to mobile web services authentication based on iris. The user iris will be used to regenerate the user’s encryption key on-the-fly on each time the user needs to be authenticated. This key is stronger than passwords and shorter than biometric data, which balances between security and performance.