This fall MasterCard will roll out new technology that approves payments for online purchases using a facial scan as opposed to an alphanumeric password. In an interview with CNN, Ajay Bhalla, MasterCard’s president of Enterprise Safety and Security, said, “The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it.” The technology involves the user staring into their phone’s camera and blinking once as confirmation for a purchase. The blinking is intended to act as a deterrent to criminals who might hold a picture up to a phone to subvert the technology and gain unauthorized access.

NakedSecurity reported the story with a nod to the history of failed facial scan access controls, particularly an older version of Android that attempted to use the same blinking-as-confirmation process. In that instance, researchers simply took existing user photos and mocked up versions using image editing software to make it appear that the user’s eyes were closed, then animated the pictures to successfully gain access to a locked device. 

In addition to the facial recognition component, MasterCard is also planning to introduce an app that uses fingerprints as an alternate form of biometric identification, so that users would have a choice between a face or fingerprint scan as an alternative to a pin code. In the same CNN interview, Bhalla also said that MasterCard is researching the possibilities of additional biometric access platforms, “experimenting with voice recognition, so you’ll be able to simply approve an online transaction by speaking to your phone.” Additionally, they are also working with Nymi, the inventors of the Nymi Band, a wrist band that measures the electrocardiogram rhythms of the user’s heartbeat and uses them for the purposes of biometric authentication ie. a password based on the unique rhythm of the user’s heart. 

MasterCard’s experiment in using selfies as passwords comes soon after a British digital financial services company released a banking app that allows users to use emojis as bank passwords.

What do you think is safer to use as a bank password – a selfie or a password made up of emojis?