Why emojis โ ๐ซ๐ฃ๐๐ญ โ might be your next password
Useful for expressing moods, emotions and nuances in messages, emojis could have another use: as your next smartphone password
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Would you rather unlock your smartphone with a plain four-digit PIN or with a smiley-face emoji? Would it be easier and more pleasant to remember โ๐ฑ๐ฆ๐๐,โ for example, or โ2476โ?
Smartphone users commonly use emojis to express moods, emotions and nuances in emails and text messages โ and even communicate entire messages only with emojis. In 2015, a British company tried using emoji passcodes in place of PINs at bank ATMs. But there had been no formal study of how easy they were to use, or how secure they were in comparison to other methods, like PINs.
To learn more, in the lab and in the real world, a team of researchers from the Technical University Berlin, Ulm University and University of Michigan, led by TU Berlin PhD candidate Lydia Kraus, developed EmojiAuth, an emoji-based login system for Android smartphones. How well would users remember their emoji passcodes? Could they be more secure, too? And might they be more fun, adding a bit of enjoyment every time a user unlocked her phone?
Creating emoji passcodes
Most smartphone users keep their screens locked and need to unlock them numerous times a day. Many people use numerical PINs, but research tells us that images are easier to memorize and recall than numbers or letters. PINs can also only be composed from a small number of symbols: the numbers 0 to 9. Passwords can be created from a larger set of characters but are difficult to type on smartphones. Using emojis, on the other hand, allows us to draw from over 2,500 emojis, which promises passcodes that are more resistant to cracking and casual observation.
In our initial experiment, we gave 53 participants an Android phone and divided them into two groups. The first group of 27 people selected a passcode made up of any of 12 emojis on an emoji keyboard individually generated for each user from the library of all possible emoji icons. (Once set, each userโs emoji keyboard stayed the same.) The remaining 26 people picked a numeric PIN.
People most frequently used one of three methods to choose an emoji sequence: based on a pattern on the emoji keyboard (such as down one side or emojis in the corners), personal preferences for particular emojis and constructing stories with the emojis. For example, one participant had a song in mind and chose emojis that corresponded to the words of the song. After practising entering their new passwords several times, the subjects were asked to return a week later to reenter their passwords into our test smartphone.
Our lab results showed both PINs and emoji passcodes were very memorable. Overall, PIN users remembered their passwords slightly more often, though that may be because many people are used to memorising PINs. But the people who used emoji passcodes reported having more fun entering their codes.
Out in the field
Next, we wanted to explore how emoji passcodes held up in everyday use. On the Android phones of 41 participants, we installed a special login screen for their smartphonesโ email app for about two weeks. About half of them used emoji passcodes; the others used PINs.
As we had found in the lab study, the users who used emoji passcodes picked emojis that made patterns on the keyboard, or that they personally like, or matched stories they made up.
Both groups of users, those using emojis and those using PINs, reported their passcode was easy to remember and use. But the emoji-using groupโs passcodes were more fun to enter than just numbers.
Additional security
At the end of the field study, we tested the security of emoji passcodes. We asked participants to โshoulder surf,โ peeking over the researcherโs shoulder while she entered a passcode.
We found that emoji passcodes consisting of six randomly selected emojis were hardest to steal over a userโs shoulder. Other types of passcodes, such as four or six emojis in a pattern, or four or six numeric digits, were easier to observe and recall correctly.
Our studies, which one of our team is presenting on 30 May in Rome, show that emoji-based mobile authentication is not only practical but also an enjoyable method of remembering and protecting passwords โ so long as users donโt use emojis in a sequence that correspond to a pattern on the keyboard.
Florian Schaub is an Assistant Professor of Information; Assistant Professor of Electrical Engineering and Computer Science, University of Michigan. This article was originally published on The Conversation (www.conversation.com)
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments