Smiling sun, flames, guitar, penguin… that is just one combination of emojis that a person might use to log into their bank account instead of using a PIN number. UK technology firm Intelligent Environments announced the launch of “the world’s first emoji-only passcode,” because emojis are “mathematically more secure” than four-character PIN numbers as well as easier to remember. The company claims, emojis as a PIN “will prevent hackers from identifying common and easily obtainable numerical passcodes, like a date of birth or a wedding anniversary.”
A regular keypad offers 10 unique choices for a PIN number, 0 through 9, while Emoji Passcode offers a selection of 44 emojis meaning “480 times more” choices. With traditional PINs, there are 7,290 unique four-number combinations so long as none of the numbers are repeated. With 44 emojis, there are 3,498,308 million unique combinations of non-repeating emojis. While Intelligent Environments toss out those numbers, there is no mention if security is in play to prevent repeating emojis in a passcode.
Previously when Data Genetics analyzed PIN numbers that had been exposed thanks to being stored in unencrypted databases, the company revealed numerous quirky PIN trends as well as some of the most popular PIN choices. People loved to start their PIN number with 1 as well as with 0, or to use the uninspired choice of 1234. While those wouldn’t be the case if emojis were used as a PIN replacement, some people might select emoji characters in patterns the same way they do with PIN numbers.
Patterns like 1212 or 1122, and repeating digits like 1111 or 0000 were very common for PINs as well as repeating pairs in the XYXY format. People were also influenced by visual keyboard layouts clues like 2580 which runs down the center of an ATM or phone. The emoji characters layout might be better, but not if people used some of the same pattern types as they do in PINs; if security is in play to prevent repeats, people might default to selecting the four corner emojis as they do on a traditional keypad.
Intelligent Environments’ press release makes no mention of how the passcodes would be stored or what banks want to roll out emoji passcode options. Instead, even though the title is "Now you can log into your bank using emoji," the company claims it is “in discussion with banks” that might roll out the tech to customers within the next 12 months. However when I proposed the possibility to a local bank branch manager, her first response was to laugh. Loosely translated that meant, “Don't hold your breath for that one.” That doesn't mean other banks might feel the same.
“We’ve had input from lots of millennials when we developed the technology. What’s clear is that the younger generation is communicating in new ways,” said David Webber, Manager Director at Intelligent Environments. “Our research shows 64% of millennials regularly communicate only using emojis. So we decided to reinvent the passcode for a new generation by developing the world’s first emoji security technology.”
According to the company, a survey of 1,300 UK respondents found that a third had forgotten their PINs in the past; one in four use the same PIN for all their cards. Those are likely the same people who reuse the same password across multiple sites. People allegedly forget passwords “because the brain doesn't work digitally or verbally; it works imagistically,” according “memory expert” Tony Buzan. “Images are the prime way of remembering anything you want to remember.”
That may be true, but other experts have claimed “distinctive smells have more power than any other sense to help us recall distant memories” and sounds are great too for pulling memories to the forefront. Maybe someday someone will come up with PINs that are composed of selecting four scents or sound bytes? Of course anyone nearby would then know your PIN. Like it or not, it’s highly probable that passwords will eventually be replaced by some form of biometrics like facial, iris, or fingerprint recognition.