Recently, a LastPass security hole that spilled email addresses and password reminders has put the spotlight back on login security. Now Intelligent Environments, a United Kingdom-based technology firm, thinks it has the key that could help lock down those passwords more tightly: emoji.
The firm announced its “Emoji Passcode” tool Monday based on a simple premise. The large and growing range of potential emoticons offer many more choices than numerical digits, making it harder for hackers to “crack” PINs or passcodes, and gain access to users’ accounts.
See also: Changing Passwords No Longer Has To Suck
Intelligent Environments has begun pushing the concept to banks, starting in the UK, hoping it will adopt this picture-friendly form of authentication for their customers. If the company succeeds, the concept’s leap to other scenarios—think smartphone logins, secure apps and other online services—may not be far behind.
A Picture Is Worth A Thousand PINS
The use of emoji—the image-based characters that sprang out of Japan to take over the world’s messaging—may seem like a naive, overly simplistic approach to the complex, frustrating problem of keeping intruders out of our confidential accounts.
Then again, some financial institutions and services already use images in some form for authentication, so a variation on the theme may not be all that foreign a concept.
Experts will tell you that there’s no such thing as perfect security, but easy, low-cost tactics may still be worth considering. If nothing else, at least they can put more obstacles in front of attackers. Every little bit helps—even if it only adds complication to tactics like “brute force” (a trial-and-error method performed by software, which can crank through a massive volume of guesses at high speeds).
The commonly used, four-digit PIN number has only 7,290 possible combinations. That’s not very high from a security standpoint. A hacker equipped with the right software could “brute force” through hundreds of possibilities for four-digit PIN combinations without much trouble.
Intelligent Environments’ tool, however, offers 44 different emoji to choose from, providing 480 times more possible combinations, for a total of over 3.4 million. The result is a higher chance of a unique passcode that’s less likely for an unauthorized user to guess—and more likely to be remembered by an authorized one.
On its website, the firm cited “memory expert” Tony Buzan, the inventor of the Mind Map technique, who says that humans have an “extraordinary ability to remember pictures, which is anchored in our evolutionary history.” Because emoji rely on pictures rather than the comparatively abstract numbers and letters we’ve been using for the last several decades, they are more suited to how our brains work.
While probably an improvement over today’s standard PIN codes, it’s not entirely clear emoji is really any more secure than other alternatives. Using a string of words, instead of a mix of different symbols or characters, could help make passwords more difficult to guess—and it wouldn’t require any special tools to implement.
Today The Banks, Tomorrow The World
Although no banks have actually signed on for Intelligent Environments’ emoji passcode tool yet—the firm says it’s “in discussion” with a few—one thing seems clear: There’s a pressing need for greater security in all sorts of scenarios, from banking to emails, social networks and other online services.
Numerous options are already pushing forward, with alternative approaches, from fingerprint or retina scanning to even voice biometrics.
But not all devices or developers are equipped to support those technologies, which is where the use of alternative passwords—whether by using strings of words or emoji—can help.
Lead image and above image courtesy of Intelligent Environments; comic courtesy of xkcd; screen captures of image authentication by Adriana Lee for ReadWrite