Will You Soon Be Logging Into Your Accounts With Emojis?

Maryalene LaPonsie
Schüler wegen Emojis verhaftet

Numbers and letters will only get you so far when it comes to keeping hackers out of your accounts, security experts say. As a result, some banks and other institutions are looking for new ways to safeguard customer data.

[Read: 12 Tips to Outsmart Financial Spies.]

"To my knowledge, financial institutions are testing new authentication methods including facial recognition, voice recognition, heartbeat recognition and iris-scanners," says Alex Matjanec, co-founder of MyBankTracker.com.

Meanwhile, other institutions may be toying with the idea of replacing letters and numbers with emojis. The UK technology firm Intelligent Environments launched an emoji-only passcode system last year, and some see that as a customizable way to provide an added layer of security that is also convenient for customers.

Advanced computing power giving hackers an edge. Erik Knight, a cyber security expert for 20 years and CEO of SimpleWan, says today's technology is making it easier for hackers to crack passwords. To run what are known as "brute force attacks," cyber criminals set up computer programs that automatically run through all the various combinations of letters and numbers that could make up a password. "Five years ago, it would have taken a day or so to break a five-digit password," Knight says. "Now, they can do it in a few hours."

Banks and other institutions have worked to stay ahead by rolling out more complex password requirements. For example, many now require a strong password that includes a capital letter, a lowercase letter, a number and a special character. However, as those requirements become standard, hackers simply adjust their computer programs to fit the new password criteria.

Instead of creating a password system that simply adds extra requirements that are publicly available, a better option may be to find a system that leaves hackers in the dark when it comes to password components. That system may be one that incorporates emojis or biometric features.

[Read: How to Make More Secure Passwords.]

Emojis and biometrics make it harder to crack codes. On the surface, emoji passwords appear similar to traditional passwords. The main difference is that instead of numbers and letters, users are selecting from a set of pictures. However, Knight says the beauty of a strong emoji password system is that the picture is translated into characters by the log-in system, and each emoji may be comprised of a number of characters resulting in a lengthy password. What's more, the characters that make up an emoji may be customized so that what makes up a smiley face on one system could conceivably be different than the smiley face on another system. "Visually, it would be very easy for [people] to use," Knight says. "From a brute-force standpoint, it's a lot of characters [to decipher]."

While emojis are piquing the interest of some, others say biometric methods of authentication are more likely to go mainstream. "I think [emojis] are OK," says Darren Guccione, CEO and co-founder of Keeper Security, Inc. "But they're not as strong as biometrics." The most common biometric used may be fingerprints, thanks to the proliferation of smart phones -- many of which now feature built-in fingerprint scanners. U.S. Bank is one institution that recently launched fingerprint access for iPhone users, and the company told U.S. News it expects to expand the service to the Android platform soon.

Even your fingerprints may not be safe. Unfortunately, not even your fingerprints or other biometric features are safe from hackers. In 2014, a hacker replicated the fingerprints of the German defense minister by analyzing high-resolution photos of her hands. Plus, Guccione says he's seen online videos demonstrating how to steal fingerprints with Elmer's glue. "It's scary," Knight says of the possibility biometric data could be stolen. While a stolen password can be changed, retinas and fingerprints can't be reset. "There's no undo button. Once it's leaked, it's leaked for life."

To avoid a stolen fingerprint from being a gateway to all a person's data, some institutions are setting up two-factor authentication systems. With these systems, a biometric reading may be combined with a strong password to essentially double the security on an account.

Password manager Keeper can be set up to use biometrics in a similar way. Fingerprints alone aren't enough to access data, but instead work in conjunction with a master password. "It's used as a key to unlock a password," Guccione explains.

[Read: How to Keep Your Data Safe From Cybercrime.]

Matjanec says consumers' best bet is to use complex systems whenever possible. "People should really look for multiple layers of security as it makes it much more difficult for someone to break into your accounts."

Consumers should be prepared for changes in how they log into accounts in the future. However, they also shouldn't become too complacent or expect that an emoji or biometric system will be the last word in data security. As passwords evolve, so too will hacker methods.