facebook rss twitter

Windows 8 picture passwords explained

by Steven Williamson on 22 December 2011, 11:21

Tags: Microsoft (NASDAQ:MSFT), Windows 8

Quick Link: HEXUS.net/qabair

Add to My Vault: x

One of the more eyebrow-raising features of Microsoft’s Windows 8 is the way that users can protect their operating system with a “Picture Password.”

Revealed at September’s BUILD conference, the “Picture Password” was billed as a secondary log-in option for the upcoming operating system, not a replacement for text passwords.

Set to feature on Windows 8 phones, touchscreen devices and desktops in 2012, Microsoft has released a few more technical details this week about the new log-in method.

"One of the neat things about the availability of a touch screen is that it provides an opportunity to look at a new way to sign in to your PC,” says Steven Sinofsky, President of Windows Division. “Providing a fast and fluid mechanism to sign in with touch is super important, and we all know that using alpha passwords on touch-screen phones is cumbersome."

Users will be given the option to choose a personal image before assigning three gestures on the chosen photograph via touchscreen or through the use of a mouse. These gestures can include lines, circles and taps. Images are divided by a grid and points are defined by coordinates so the system can match gestures accurately.



Zach Pace, a program manager for Microsoft’s You Centered Experience team, explains more:

We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in a set. When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you.

Users will be given five chances to correctly input the password before the system shuts down and reverts back to the text password log-in before you can attempt the "Picture Password" method again.

Microsoft says that this secondary log-in offers many more permutations than a standard password and will therefore make systems more secure, though it has acknowledged that smudges on the screen could give away  passwords and suggests that users clean their screens regularly.

The secondary-log in method will be totally optional on home PCs and domain administrators will also be able to disable the option.

On the official blog, Microsoft goes into deep technical detail about the math behind the new security method, explaining why it believes it gives added protection to consumers due to the sheer amount of permutations.

Windows 8 hits the beta phase in February with the retail version expected to rollout in the Autumn.

What do you think about the new log-in method?


HEXUS Forums :: 16 Comments

Login with Forum Account

Don't have an account? Register today!
I wonder how many people are going to use phalic shapes as their password when this launches :)
carbon copy of androids ice creame sandwitch lock screen
Won't anyone looking over your shoulder be able to easily copy your ‘password’? Much easier that watching someone tap keys on the keyboard…
Sounds very similar to some authentication methods already in place on android phones..

The touch-screen ‘smudges’ is a big disadvantage / security flaw IMO though!!
I like it. Clever.