The future of authentication - the emoji

As organisations struggle to find solutions to the user authentication problem, one company has gone as far as suggesting the use of emojis, an idea worthy of consideration, says Ben West.

Ben West, Senior Product Manager – Mobile, Global eCom at Worldpay
Ben West, Senior Product Manager – Mobile, Global eCom at Worldpay

How many times have you forgotten a password and had to reset it, whether for online banking, email or a retailer you perhaps use once or twice a year?

For years, we have been advised to create passwords which are  strong, an impossible to guess mix of upper and lower case characters and numbers, and different for every single account and service we use. But the more complex passwords become and the more of them we accumulate the more difficult they become to remember. Complexity can lead to insecurity, with some people undermining the strength of their passwords by doing anything from saving them on unencrypted documents on their desktop to writing them on a Post-It note stuck to their computer screen.

But it's not just passwords which are affected. Bank PIN numbers also fall into this bracket – especially if you haven't used an account or card for some time.

However, one company has recently come up with an idea that might put a smile on people's faces – quite literally. Their answer is to use emoji – the smiley faces and pictures which have become popular on text messages and tweets (and more recently had a day dedicated to it).

What may initially seem a far-fetched concept does make sense in many ways given there are only 7,290 unique permutations of four non-repeating numbers compared to nearly 3.5 million unique permutations of 44 non-repeating emojis. This near infinite amount of password combinations could not only limit the opportunity for fraudsters to hack into accounts but could also make it easier for us to remember due to the visual nature of the character set.

We have all heard the phrase ‘a picture paints a thousand words'. But did we ever think that this could prove true when it came to our password? However, organisations considering introducing emojis will need to consider whether their customers would be limited to using mobiles or tablets, where emoji keyboards can be easily selected, to complete the authentication process. If this was the case, consideration would also need to be taken with regard to other access points – would these be removed completely or would users need to have one password for their mobile and one for their desktop?

Using emoji could certainly offer a boost to mobile banking. While many UK consumers are regular users of mobile banking, in the US there is a much slower adoption and security and issues with authentication, including remembering passwords can be reasons people resist.

But can the emoji really be the answer?

An interesting point has been raised and given the high rate of visual recall, it may stop us from continually having to reset our passwords. However more thought is needed as to whether emojis could be a realistic move forward for online authentication.

Almost certainly, a balance will need to be struck between security benefits versus whether consumers will need a different password for different devices. Device agnostic passwords would certainly be a much simpler solution, but given this credible option has been presented to the market, now may be the time to start thinking about how to strengthen the authentication process.

Contributed by Ben West, Senior Product Manager – Mobile, Global eCom at Worldpay