Amazon just unveiled a new keyphrase/PIN payment system that may not exactly be quicker than the 1-Click interface (zero-click buying is frowned upon), but it might be simpler for some users. It's dubbed PayPhrase, and it works pretty much how you think it will. But is it actually safe?
Here's how it works: You set up a memorable phrase inside your Amazon account settings, as well as a 4-numeral PIN. When you're buying an item from the store, or from one of Amazon's Connect partners, the payment pop-up bubble will then offer you the chance to use PayPhrase as well as 1-Click. You then tap in your PIN and the phrase, and that's it--everything else, including addressing and credit card details, is handled for you. Each Amazon user can also set up several PayPhrases tied to different cards or addresses.
If that sounds moderately more complex than using 1-Click--and it certainly appears so because one little click really doesn't take much effort--then you're wrong. You don't have to log in to Amazon to do it, so the advantage is that PayPhrase puts you one step further along in the payment process. It sounds great for habitual buyers, and Amazon presumably thinks the slight simplification will encourage people to buy more stuff through its stores.
But there are two glaring flaws: Instead of having to remember a username and password, you now have to remember a PIN and a complete phrase. That's almost as complex--we all have to remember a bunch of 4-digit PINs as it is. The phrase can be almost anything (as long as its plain text and at least two words long), which means it could be more memorable than some passwords, and it may be more resistant to hacks--though not a full-on dictionary search attack, I suspect. The temptation will be, of course, to put something personal or memorable in there. That might actually be easier for someone who knows you, or who has phished your data, to battle. So while it won't give a hacker access to your credit details, it could be a way for him or her to run up your bill unexpectedly--or to order goods to be delivered to a different address.
Is a slightly faster, not ostensibly insecure payment option worthwhile? Hard to tell--and Amazon probably won't reveal how may people use it over 1-Click, given how fearsomely the company guarded its statistics. If it survives as an option for long, then clearly the average InterWeb user will have deemed it acceptable--or it will turn out to be a quick and convenient way to buy Amazon products via smartphones.