Florian Schaub is assistant professor of information and assistant professor of electrical engineering and computer science at the University of Michigan.
Would you rather unlock your smartphone with a plain four-digit PIN or with a smiley-face emoji?
Smartphone users commonly use emojis to express moods, emotions and nuances in emails and text messages — and even communicate entire messages only with . In 2015, a British company tried using emoji passcodes in place of PINs at bank ATMs. But there had been no formal study of how easy they were to use, or how secure they were in comparison to other methods, like PINs.
To learn more, in the lab and in the real world, a team of researchers from the Technical University Berlin, Ulm University and University of Michigan, led by TU Berlin Ph.D. candidate Lydia Kraus, developed EmojiAuth, an emoji-based login system for Android smartphones. How well would users remember their emoji passcodes? Could they be more secure, too? And might they be more fun, adding a bit of enjoyment every time a user unlocked her phone?
Creating emoji passcodes
Most smartphone users keep their screens locked and need to unlock them numerous times a day. Many people use numerical PINs, but research tells us that images are easier to memorize and recall than numbers or letters. PINs can also only be composed from a small number of symbols: the numbers 0 to 9. Passwords can be created from a larger set of characters but are difficult to type on smartphones. Using emojis, on the other hand, allows us to draw from over 2,500 emojis, which promises passcodes that are more resistant to cracking and casual observation.
In our initial experiment, we gave 53 participants an Android phone and divided them into two groups. The first group of 27 people selected a passcode made up of any of 12 emojis on an emoji keyboard individually generated for each user from the library of all possible emoji icons. (Once set, each user’s…