From Facebook and Twitter to Amazon and mobile banks, consumers have to punch in passwords to do just about anything online. According to a survey of 10,000 people, commissioned by MasterCard and conducted by Norstat, consumers are prompted to enter their passwords as many as eight times a day. As this count adds up, however, it quickly gets inconvenient. Whether they’re worried about trying to remember so many different passwords or simply don’t want to take the time to enter them over and over, consumers find ways to cut corners, either relying on auto-login features or worse, re-using passwords between accounts.
While everyone is used to hearing the refrain that these time-saving tactics actually increase their risk of identity theft and fraud, it’s easy to revert to the old “it won’t happen to me” defense. In fact, the MasterCard survey found as many as one in five people use just one password across all of their accounts, while an additional 58 percent use just a few variations of the same password.
To offer consumers some relief from the tightrope that currently runs between security and convenience, at least two companies are working on new authentication methods that leverage some of today’s most popular trends: selfies and emojis.
As part of its new Identity Check suite, MasterCard is rolling out technology that will let consumers authenticate payments by taking a photo of themselves. This “selfie” authentication adds a layer of protection in the middle of the checkout process, protecting payments with a key that’s not connected to the users’ account or credit card – but to their very person.
“The use of technology and data will move from a reliance on what the consumer knows (passwords), to what they have (mobile phone or other smart device) and who they are (biometrics),” the company explained in a press release.
This shift could make it difficult for identity thieves to place fraudulent orders or make unauthorized payments on a compromised account, for no matter how much information about a person they were able to steal, it would never be enough to execute a payment. If this strategy proves to successfully protect payments, we could soon see people using selfies in lieu of general account passwords as well.
Instead of a selfie, one British company has developed a way for people to protect their accounts with emojis. By choosing from colorful cartoons instead of standard digits when creating the PIN that protects their credit card, consumers would be able to craft a code that’s harder to crack and easier to remember, claimed Intelligent Environments, the business behind the new password trend. With 44 emojis to choose from compared to just the ten digits 0-9, the company says its system allows for 480 times more combinations than the standard PIN.
How secure are they?
For selfie payments, one of the most obvious concerns would be fraudsters downloading an image of their victims from the internet to fool the authentication system into thinking that person was present. MasterCard’s technology accounts for this, prompting users to blink into the front-facing camera to prove they’re not a still image, according to the Telegraph. It would be far more difficult for an ID thief to obtain a video of their specific victim smiling and blinking, making it unlikely that fraudsters would be able to bypass the system this way.
Even still, critics worry that biometric security systems like MasterCard’s aren’t airtight. For example, when account credentials are compromised in a data breach, consumers can protect their accounts again by simply resetting their passwords. However, if a unique identifying factor like a fingerprint or facial scan was compromised instead, there’s not much people can do to change their biometric password, USA Today reported.
And, while emoji passcodes may be harder to guess than standard passwords, they present many of the same security concerns. Plus, what’s to stop consumers from simply using the same emoji password on every one of their accounts?
At Identity Guard, we can help you better protect your identity from fraud. Our credit monitoring service can keep an eye on your credit files even when you can’t, alerting you if it detects certain activity that may indicate fraud. Plus, our password managers and other cybersecurity tools can help improve your identity theft protection on the web.