Revealed at September’s BUILD conference, the “Picture Password” was billed as a secondary log-in option for the upcoming operating system, not a replacement for text passwords.
Set to feature on Windows 8 phones, touchscreen devices and desktops in 2012, Microsoft has released a few more technical details this week about the new log-in method.
"One of the neat things about the availability of a touch screen is that it provides an opportunity to look at a new way to sign in to your PC,” says Steven Sinofsky, President of Windows Division. “Providing a fast and fluid mechanism to sign in with touch is super important, and we all know that using alpha passwords on touch-screen phones is cumbersome."
Users will be given the option to choose a personal image before assigning three gestures on the chosen photograph via touchscreen or through the use of a mouse. These gestures can include lines, circles and taps. Images are divided by a grid and points are defined by coordinates so the system can match gestures accurately.
Zach Pace, a program manager for Microsoft’s You Centered Experience team, explains more:
“We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in a set. When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you.”
Users will be given five chances to correctly input the password before the system shuts down and reverts back to the text password log-in before you can attempt the "Picture Password" method again.
Microsoft says that this secondary log-in offers many more permutations than a standard password and will therefore make systems more secure, though it has acknowledged that smudges on the screen could give away passwords and suggests that users clean their screens regularly.
The secondary-log in method will be totally optional on home PCs and domain administrators will also be able to disable the option.
On the official blog, Microsoft goes into deep technical detail about the math behind the new security method, explaining why it believes it gives added protection to consumers due to the sheer amount of permutations.
Windows 8 hits the beta phase in February with the retail version expected to rollout in the Autumn.
What do you think about the new log-in method?
