From pictures to passwords: the rise of emoji authentication

Written by:   Kevin Dallas, Chief Product Officer, Worldpay,  15 Jul 2016

How often have you tried and failed to log into your account on a website you weren’t even sure you’d signed up to, only to have to go through the arduous process of resetting your password? 

Whether it be online banking, your email or even a website you’ve used once in your life, everything requires a password, and it soon becomes difficult to keep track of them all. 

On the command of internet security experts we create passwords that are a puzzling combination of upper and lower case letters, numbers and symbols; all the while, different for every single account in our name. The complexity that we, the consumer, have to adopt inevitably becomes more and more difficult to remember. This difficulty to remember in turn leads to security issues with people committing the cardinal sin of writing down or saving passwords on unencrypted documents purely to remember them. And it’s not just passwords which are affected. Bank PIN numbers also fall into this bracket – especially if you haven’t used an account or card for some time.

But for all those frustrating forgotten passwords, one company has come up with a novel solution that’s sure to put a smile on people’s faces. The plan is to use emojis as an alternative text for passwords.
With their rising popularity, memorable images and wide range of characters, emojis are an obvious choice of symbol for the authentication process. In fact the ‘Faces with Tears of Joy’ emoji was chosen as the Oxford Dictionaries word of the year, just in case you’re questioning its linguistic legitimacy. 

Given that there are nearly 3.5 million unique permutations of 44 non-repeating emojis compared to the 7,290 of four non-repeating numbers and a whole host of branded emojis all the way from Kim Kardashian to Disney, you could be forgiven for thinking that this may lead to even confusing variables. But the masses of password combinations that could become available doesn’t only make it harder for fraudsters to hack accounts, but also makes it easier for us to remember thanks to the distinct visual nature of the emoji character set.

If a picture paints a thousand words then the 3.5 million that emojis paint could be soon adopted by companies and organisations. Before they do this though, it might be worth considering whether customers would only be using mobiles or tablets where the emoji keyboard is easily accessible for the authentication process. If so would – would people only be able to login on tablets and mobiles or would they need to have two logins for both platforms? Or perhaps it may not be long until we see a real life emoji keyboards for computers.

Using emojis could well be a method of getting the remaining few stragglers on to online banking. In the US where there is a slower adoption, security and password fears make up part of the reason why people resist. 
But is the emoji really the answer? Given the high rate of visual recall, we could be led to believe that this could end the blight of password resets, after all who could forget a smiling poo? However the problem for emojis lies in whether this is a feasible move for online authentication.

If emoji passwords are going to work, a meeting point needs to be found between the security benefits and the practicalities.  Given that device agnostics are a simple solution that has already been presented to the market, now could be the time to strengthen the authentication process. But with the rise of emojis reaching fever point around World Emoji Day this week we may see them infiltrate our lives more and more.

Written by:   Kevin Dallas, Chief Product Officer, Worldpay,  15 Jul 2016