One of my pet peeves is mobile banking login. Entering an 8-character alpha-numeric password is clumsy and security overkill for 99% of mobile sessions. Four-digit passcodes used at Simple, Mint and others is a good compromise, but then you have yet another password to remember.
While none of my financial providers has done away with the password entirely, Capital One just rolled out something pretty close, a password substitute that uses a pre-set gesture on the touchscreen to log in (see screenshots below).
I updated my Capital One app (v4.3) over the weekend and am happy to report that it worked as promised. It takes less than a second, and due to its uniqueness, it's incredibly easy to remember (that probably changes if everyone started using various gesture systems). It's currently available only on the iPhone, but it's going Android in 2014.
Bottom line: While I think the bank needs to expand its explanation of the new feature (see note 2), it's a fantastic development for the mobile experience. And we hope it spurs more innovation on the login front. As a result, SureSwipe is receiving our OBR Best of the Web award, the third for Capital One (archives; note 3).
How it works
1. At login, users are asked if they want to start using SureSwipe. If so, they press the "Create Your Pattern" button.
2. Users create their login pattern by running their finger between the nine dots. A minimum of four must be used and a few simple patterns are not allowed.
3. The gesture is verified by repeating it, then confirmed by the bank.
4. Users have the option of turning it off or resetting the pattern. To change the gesture, users must enter their existing alpha-numeric password.
5. At login, users are presented with this screen.
Note: There is an option for alpha-numeric login (bottom left) and pattern help (bottom left).
1. Capital One SureSwipe landing page (at top of post)
2. I'm a little surprised the bank didn't address security concerns on its landing page or within its app. There is no "learn more" when the option is first presented to users. I was super excited to see it, but I'm not sure normal users will be so understanding. I think many will have questions about how secure a pattern is compared to a normal password.
3. This is the third OBR Best of the Web for Capital One, all since 2010, when the card issuer began to really push digital distribution. Since 1997, our Online Banking Report industry newsletter has been periodically giving OBR Best of the Web awards to companies that pioneer new online- or mobile-banking features. It is not an endorsement of the company or product, just recognition for what we believe is an important industry development. In total, 90 companies have won the award. Recent winners are profiled in the Netbanker archives.