Emoji passwords get thumbs up for banking

News by Tom Reeve

Banking can be a rollercoaster of emotion, depending on the size of your bank balance, but one technology company is taking it to a new level.

Rather than using a PIN code or password based on the digits 0 to 9, banking application developer Intelligent Environments has developed a passcode system using emojis.

For the uninitiated, emojis are small, face-like icons designed to convey emotions and add a human dimension to text-based communications. Many comic icons have been developed which add to the pantheon of emojis.

According to emojipedia.org, there are are 722 emoji characters currently available in the Unicode 6.0 character set and an additional 209 flags recognised on Android 5.0 but not available on other platforms.

Intelligent Environments has honed the set of emojis down to 44 easily recognisable and distinguishable emojis, eliminating many that were so similar in appearance that they might be confusing to users, especially those of a certain age whose vision is not as acute as it once was.

One fan of emojis is Graham Cluley who wrote in his blog, “Could emoji passcodes be safer for online bank users?”

In an ideal world, he says users would adopt password managers (PM) to prevent them using classics like “password1” or the year of their birth as a pin code. But most people don't like PMs so he reckons emojis would at least encourage people to use a more random string of characters.

A series of pictures could tell a story, he said, such as “lady kicks football while carrying scissors in the sunshine”. And randomising the order in which the emojis were displayed on a touch screen would help eliminate the “qwerty” password phenomenon.

Intelligent Environments said in a press release that being pictorial, emojis would be easier to remember than random strings of letters and numbers. The company quotes memory expert Tony Buzan, inventor of the Mind Map technique, who said: “The Emoji Passcode plays to humans' extraordinary ability to remember pictures, which is anchored in our evolutionary history. We remember more information when it's in pictorial form, that's why the Emoji Passcode is better than traditional PINs.”

For those of a more scientific bent, you can read “Neural correlates of the episodic encoding of pictures and words” on the Proceedings of the National Academy of Sciences website.

“We've had input from lots of millennials when we developed the technology. What's clear is that the younger generation is communicating in new ways,” said David Webber, managing director at Intelligent Environments. “Our research shows 64 percent of millennials regularly communicate only using emojis. So we decided to reinvent the passcode for a new generation by developing the world's first emoji security technology.”

However, Bharat Mistry, security consultant at Trend Micro, said the emoji passcode might be especially easy to compromise by social engineering. “This could be done via e-mail spam – ‘vote for your favourite emojis and see if they are in the top 10' – an online chat where the hacker poses as a friend, accessing users' previous SMS messages, personal emails or social media feeds. There are plenty of ways in which a hacker could identify the common or recurring emojis,” he said.

He also suggested that older users would be at a disadvantage compared to younger users. “Certainly, younger 'digital natives' are more likely to use emoji based authentication, but older 'digital immigrants' in that age group are less likely to adopt the approach of selecting emojis from the smaller subset that they understand. In some cases, that could be less than five emojis - which would make emoji based authentication less secure then using the standard four digit PIN using 0-9,” he said. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews