Windows 8 gets picture passwords

4/6/2012 11:37:51 AM

In a bid to improve security and speed up logins, Microsoft is to give Windows 8 picture passwords. Tim Greene and Carrie-Ann Skinner find out more

Windows 8, which is expected to launch in public beta imminently, will allow PC users to log in using picture passwords. You’ll be able to select any image from your gallery, then specify a gesture to authenticate secure login. In our image, for example, login requires the user to tap the mother’s nose, circle anticlockwise around the father’s head, then draw a line from one sister’s nose to the other.

“When we started the process of designing picture passwords, we knew that we wanted a sign-in method that was fast, fluid and personal to each and every user, but still had a robust security promise,” said Zach Pace, a Windows program manager.

“You get to decide the content of the picture, and you can choose a picture that is important to you, just like many people do on their phone lock screen.”

Traditional login authentication causes security issues because many users choose passwords that are easy to remember and therefore easy to guess. Alphanumeric passwords are stronger, but vulnerable to key-logging, where malware records and reproduces a user’s keystrokes. Microsoft hopes its picture passwords will alleviate this security concern.

A one-tap login is relatively insecure, given that the grid overlay has only 270 possible touch points, but using eight taps increases the number of possible combinations to more than 13 quadrillion. Circles are even more complex, with seven circles providing one quintillion options.

“Someone trying to reproduce your picture password needs to know not only the parts of the image you highlighted and the order in which you did it, but also the direction and start and end points of the circles and lines that you drew,” said Pace.

Microsoft claims that its picture passwords will also speed up logins. With three gestures, a picture password takes less than four seconds to enter but can still provide more than one trillion combinations, compared with 81,120 for character-based, and 1,000 for numeric passwords.

“We believe we’ve hit on a method of signing in that’s secure but also a lot of fun to use. We love picture password and the additional personal flavour it brings to Windows 8,” said Pace.

Not everyone is enthused, however. According to the inventor of RSA’s SecurID token, Kenneth Weiss, picture passwords are “cute”, but don’t offer serious security.

Weiss said the major downside of picture passwords is that drawing a pattern across a photo is easy to record from a distance, and therefore relatively easy to compromise. Alphanumeric passwords get around this problem by starring out the characters onscreen as you type. That Microsoft will also allow a traditional password login for Windows 8 is perhaps an acknowledgement of this shortcoming, he said.

Other problems include backing up the touch pattern that is the login. “To put down a description of the sequence is possible, but that’s a lot of writing,” Weiss said. “It’s more like a Fisher-Price toy than a serious choice for secure computer access.”

Still, it’s better than nothing, admitted Weiss, and will raise login security awareness.

What to expect

Described as a “reimagining of Windows from the chipset to the experience”, Microsoft’s forthcoming OS boasts a dual interface that’s suitable for both keyboard/mouse and touchscreen input. The traditional Windows desktop is joined by the new Metro interface, which borrows heavily from Windows Phone 7 with a series of tiles that link to apps or can the two using the Start button.

For the first time, Windows will also include an integrated app store, known as the Windows Store, where Metro apps and traditional desktop software can be purchased. Microsoft has confirmed that Windows 8 will run on ARM-powered devices, and its Metro-based apps will also be compatible. The desktop programs will not work on these devices, however.

Microsoft claims a Windows 8 PC will go from powered down to the Start screen in less than 10 seconds. This speedy boot is thanks to a system that mixes processes used in cold boots and hibernation mode.

“We took everything that was really great about Windows 7 and we made it even better in Windows 8,” said Steven Sinofsky, president of the Windows division.
