Credit card passwords may become passe
Written by Maryalene LaPonsie
Posted On: January 10, 2014
In a world of touch screens, passwords may become a thing of the past.
Capital One has launched a new way for users to access its mobile app -- a way that means never having to worry about clumsy fingers causing typos. Mobile app users with iOS devices will be able to trace a pattern to log in to their account. However, critics question whether relying on finger movements to unlock accounts may pose a security risk.
Connect the dots to log in
The SureSwipe login feature offered by Capital One displays three rows of three dots. To access their account, users must draw a pattern they previously selected. According to the company, the new process allows for bill-pay security while making it quick and simple to access account information.
Only those with iOS devices -- those made by Apple -- can use the SureSwipe feature right now. However, Capital One says it is working on a similar option for those with Android devices and hopes that version will be available in early 2014. The current app also allows users to log in with a password if they so choose.
Of course, pattern passwords are nothing new. Smartphone users have long been able to use patterns to unlock their phones. In addition, the latest version of Microsoft's operating system allows the use of picture passwords: patterns drawn by users over a designated photo.
Security questions raised
While pattern passwords can be convenient, some question whether they are truly secure. Microsoft's picture password in particular has come under fire for being relatively easy to crack.
Researchers at Arizona State University and Delaware State University have shown gesture-based passwords aren't foolproof despite Microsoft's assurances they can be more difficult to guess than regular passwords, as recently explained in a paper, "On the Security of Picture Gesture Authentication." Studies found an automated attack could crack slightly less than 1 percent of picture passwords within five tries, the amount allowed by Microsoft before the account is locked.
One percent isn't a lot, and users may be able to increase their security by making an effort to select a very random part of the photo to use for their password. Apparently, many of those using picture passwords right now tend to focus on common areas of interest such as faces.
But back to Capital One and their SureSwipe log-in. The takeaway from the Microsoft studies may be that users need to take as much care when selecting a pattern password as when they choose an alpha-numerical one.
A square, triangle or line probably isn't going to cut it. Depending on the limitations of the password program, you may try to create a pattern that doubles back on itself or skips dots. Remember, your finger may leave oil residue on the screen that could make it easy to see the pattern. You may want to make an additional pattern once you've logged in or wipe the screen clean to deter any would-be hackers should your phone end up in the wrong hands.
Capital One may be the first major credit card company to offer a pattern password option. However, it may be only a matter of time before accessing all your best credit cards is just a tap and a swipe away.