New products, Protecting yourself

Usernames and passwords, don’t slow me down!

Kimberley Carmona

Like most people my age, I use my mobile phone for everything. I use my phone to connect with people, check the weather and order groceries. I also track how much I have in my bank account using my mobile bank app.

I check all of my accounts often. I look to see what I have in checking before a night out or before I buy tickets to see a movie. On payday, I log in to see what bills need to be paid. I also check my banking and credit card accounts at random times to make sure there are no unauthorized payments.

What I hate is having to type in my username and password every time I log in to my Chase checking account when my other form of authentication fails. Thankfully, the iOS apps for my Discover and Capital One credit cards allow me to skip typing my username and password.

For example, Discover bypasses the old-style login by substituting a user-created four-digit pass code keyed in on a numerical 0-9 pad.
screenshots-passwords A pass code is quicker, but it’s also imperfect. Although there are 10,000 possible combinations for a four-digit PIN, any web search on pass code hacks will lead to thousands of articles about how hackers have broken into four-digit PIN accounts.

That’s why I change my Discover account’s four-digit code once a month to random numbers that have no personal significance.

And what I really like is Capital One’s SureSwipe. SureSwipe lets users log in based on pattern recognition. Users trace a pattern on a nine-point, square-touch grid. To log in, users create a finger-swipe pattern using a minimum of four points in a sequence. Users are notified to create a new pattern if the one they attempt to create is too common, such as a “Z” swipe. If a user forgets their pattern, they can still log in using a username and password.

The app also shows users how many variations there are with the number of dots they used. The more dots that are used, the more variations hackers must play with.

SureSwipe allows account access in seconds, but again, there seem to be a few flaws. The major drawback, in my opinion, is the fingerprint swipe marks left on my phone screen when I use it to log in to my Capital One account. A thief who gets hold of my phone might be able to access my account by looking at the swipe marks.

Another downfall: SureSwipe does not allow pressing and swiping dots that have been used before. Depending on the start of the sequence, users won’t be able to go back to some keys due to restrictions.

Touch ID is my favorite way to log in to my Chase account. Touch ID, which is the fingerprint authentication system for iPhones, might be the safest and quickest way to log in. For Touch ID to work, users have to register a fingerprint in the mobile banking app. Most of the major banks, such as Bank of America, Chase and Capital One, have fingerprint authentication.

Android devices also have a fingerprint authentication format that works similar to Touch ID.

Touch ID works with a steel ring that surrounds the Home button. The ring triggers the technology to scan the finger. Since fingerprints are unique, it makes it harder for hackers to log in to accounts.

The only weakness to Touch ID is that it sometimes doesn’t recognize my fingerprint. Rather than repeatedly trying to get it to scan, I often just skip Touch ID and end up typing my username and password to log in.

Using body identifiers or biometrics to log in to apps has been a major focus of many financial institutions to help their customers log in to their accounts safely and quickly. For example, Wells Fargo users with corporate accounts can opt for a retina scan to log in or wire money from their phones. USAA lets mobile banking users be identified by facial recognition and retina display. (By the way, USAA came in first for its banking business in the 2016 Temkin Web Experience Ratings.)

Touch ID will continue to be my favorite way to log in to an app until the financial institutions I use give me the option to use other biometrics as a way to access my accounts.

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.