Would you rather unlock your smartphone with a plain 4-digit PIN or with an emoji password? Emojis are commonly used to express moods, emotions and nuances in text messages and emails. There have been instances where entire messages have been composed of only emojis. A British company tried using emoji passcodes in place of PINs at bank ATMs in 2015. However, there had not been a formal study of how easy they were to use, or how secure they were in comparison to other methods.
To learn more about that subject, a team of researchers from the Technical University Berlin, Ulm University and University of Michigan developed an emoji-based login system for Android smartphones. In the initial experiment, the group handed 53 participants an Android smartphone each, then split them into 2 groups. The first group selected a passcode made up of any of 12 emoji on an emoji keyboard, individually generated for each user from the library of all possible emoji icons. The remaining people picked a numeric PIN.
When these people were tested a week later, the results showed that PIN users remembered their passwords slightly more often. However the people who used an emoji password reported having more fun entering their codes. The same reaction was gotten when the group installed a special login screen for email apps on smartphones belonging to 41 participants. Half of these participants used PINs, the rest used an emoji password. These participants used these different login patterns for two weeks.
At the end of the field study, the group tested the security of emoji passcodes. Participants were asked to peek over the researcher’s shoulder while she entered a passcode. Here, the group found out that an emoji password consisting of six randomly selected characters is hardest to steal over a user’s shoulder. Other types of passcodes, such as four or six emoji in a pattern, or four or six numeric digits, were easier to observe and recall correctly.
Ultimately, the study proved that emoji-based mobile authentication is not only practical but also an enjoyable method of remembering and protecting passwords, as long as the user does not use emoji in a sequence that corresponds to a pattern on the keyboard.