The Internet of Things (IoT) is increasingly empowering people with an interconnected world of physical objects ranging from smart buildings to portable smart devices such as wearables. With the recent advances in mobile sensing, wearables have become a rich collection of portable sensors and are able to provide various types of services including health and fitness tracking, financial transactions, and unlocking smart locks and vehicles. Existing explicit authentication approaches (i.e., PINs or pattern locks) suffer from several limitations including limited display size, shoulder surfing, and recall burden. Oftentimes, users completely disable security features out of convenience. Therefore, there is a need for a burden-free (implicit) authentication mechanism for wearable device users based on easily obtainable biometric data. In this paper, we present an implicit wearable device user authentication mechanism using combinations of three types of coarse-grained minute-level biometrics: behavioral (step counts), physiological (heart rate), and hybrid (calorie burn and metabolic equivalent of task). From our analysis of 421 Fitbit users from a two-year long health study, we are able to authenticate subjects with average accuracy values of around 92% and 88% during sedentary and non-sedentary periods, respectively. Our findings also show that (a) behavioral biometrics do not work well during sedentary periods and (b) hybrid biometrics typically perform better than other biometrics.