The verification emoticon can actually be used for a brute-force attack if someone's recording your phone screen (guessing one character at a time is extremely easy compared to brute-forcing the entire password). Then again, it'd be a problem on mobile anyway because of the last character showing up as plaintext for a while, but a fix would nevertheless be welcome in the desktop versions. Maybe show a random emoticon for a while before switching to the legit one? That's what another, similar app does.
Quote
The verification emoticon can actually be used for a brute-force attack if someone's recording your phone screen (guessing one character at a time is extremely easy compared to brute-forcing the entire password). Then again, it'd be a problem on mobile anyway because of the last character showing up as plaintext for a while, but a fix would nevertheless be welcome in the desktop versions. Maybe show a random emoticon for a while before switching to the legit one? That's what another, similar app does.