Evaluating the Security and Usability of Emoji-Based Authentication

Abstract

With the increasing digitization of the world, there is a growing need to prove one's identity and to restrict access to both personal and corporate data. Passwords have several drawbacks, but are still the preferred choice for this purpose. Motivated by the fact that the human brain remembers visual information better than text, graphical password schemes such as the Android Pattern Lock have been proposed as an alternative to traditional passwords.

Emojis have become an inherent part of almost every digital text message. More than 2700 emojis are currently available, and this number is constantly increasing. The huge amount of characters can provide passwords with higher security than their text-based equivalents. Only limited research on emoji-based authentication exists, making it an interesting subject to study.

In this project, a literature study on the use of emojis as an alternative to PIN entry and text passwords was conducted. By analyzing the current state of emoji-based authentication, a novel password scheme called EmojiStory was proposed. In EmojiStory passwords are created from predefined stories and emojis selected by the user. The security and usability of the system was evaluated through two online surveys, in which more than 1,700 participants took part.

The results from the surveys suggest that EmojiStory offers good usability. The emoji passwords are easy to remember, password creation and login are fast, and a positive user experience is provided. The results also indicate that EmojiStory offers better security than PIN. However, certain emojis were preferred by the participants. Therefore, further research is needed to compare observed bias in the passwords with that of other authentication systems. We also advise that further studies on the memorability provided by EmojiStory should be conducted.