The future of authentication: the emoji
It’s my online banking password. Or at least it could be if we are to believe news that the emoji could replace the humble numerical PIN number.
What may initially seem a far-fetched concept does make sense in many ways given there are only 7,290 unique permutations of four non-repeating numbers vs. 3,498,308 million unique permutations of 44 non-repeating emojis. This near infinite amount of password combinations could not only limit the opportunity for fraudsters to hack into accounts but from conversations with our customers we know that passwords that combine letters and numbers can often be weak or difficult to remember. A broader set of characters which could be used, including emojis, will not only make it harder for others to guess, but could also make it easier for us to remember due to the visual nature of the character set.
Whatever form password 2.0 takes, it will need to ensure it is not only secure but also suitable to access multiple platforms and devices.
Organisations considering introducing emojis would also need to consider whether their customers would be limited to using mobiles or tablets to complete the authentication process – rather than being able to access via a landline or computer.
Using emojis could certainly offer a further boost to mobile banking. Whilst consumers in the UK are already on top of mobile banking – its estimated that they will have accessed their
current accounts 895 million times by the end of 2015  – in the US, there is a much slower burn with just 33% of consumers using it . So the behaviour and the willingness is there, what may be lacking in the first instance is appropriate levels of authentication.
This story has raised an interesting debate and highlighted that more thought is needed as to whether emojis could be a realistic move forward for online authentication. Almost certainly, a balance will need to be struck between security benefits versus whether consumers will need a different password for different devices.
Device agnostic passwords would be a much simpler solution, but I agree that we need to
start thinking now about how to strengthen this process. If a smiley face does end up being the answer to this, then let’s make sure both businesses and consumers are clear on how it
will affect them and what they will need to do to make a payment or buy a new pair of shoes.