Windows 8 Mixes Personal Pictures And Custom Gestures For Log In Passwords
We won’t delve too far into it again – why beat a dead horse? – but research has proven that most people’s passwords suck, plain and simple. Sophisticated geeks may shrug their shoulders and simply laugh at the newbs, but it’s in Microsoft’s interest to build a secure operating system – hence the whole Secure Boot thing. The company’s taking an interesting approach to passwords in the upcoming Windows 8, one that mixes personal pictures and touch/mouse gestures to create a log in experience that Microsoft claims is both faster and more secure than traditional alphanumeric passwords.

It all starts with a picture; any picture stored on your device, in fact. After you select a picture, you then use touch or mouse gestures (depending on which flavor of hardware you’re rolling with) to highlight parts of the image with circles, lines and taps. In the example shown above and on the blog post unveiling the scheme, the user circled the dad’s head, tapped the mom’s nose and drew a line between the sisters’ schnozzes. After being set, that series of gestures – including their drawn-in direction and starting and end points – becomes the new password for your account. (Presumably a traditional alphanumeric version should still be included.)
We can already hear you screaming “BUT THE SMUDGES WILL GIVE IT AWAY!” Cool down, cool down. Microsoft says the fact that direction and start/end points count still makes it more secure than a standard PIN code, and program manager Zach Pace even uses a bunch of math to prove it at the end of his blog post.
So, what do you think of the new password scheme? Is it novel or stupid? Are you, like me, worried that your sloppy fingers might lock you out of your PC after a night at the pub?
Comments
gmvolk
December 20, 2011 at 6:58am
How many people turn off the Windows login password? I do; I just want my PC to boot right to the desktop. I guess it might make sense for a tablet, which looks to be what MS is gearing Win 8 for. Otherwise, no; if I did decide to do Windows 8 on my laptop, I would not use this "feature".
livebriand
December 19, 2011 at 3:42pm
It's probably easier to guess the combinations here compared to a regular password, and besides, this works best on a touchscreen and most people don't have one.
d3v
December 19, 2011 at 3:03pm
Most people will probably just draw a line down or something and be done with it. It'll be the touch equivalent of "12345"
hades_2100
December 19, 2011 at 2:03pm
Would love to hear the over-the-phone conversation of someone telling the other party how to unlock their computer:
1) Tap Cathy's nose
2) Draw circle around Bob's head
3) Point to Cindy's nose and drag it to Nancy's nose.
:)
thetechchild
December 19, 2011 at 12:37pm
Picking 4 words, in English, and spelling them all with only lowercase alphabet characters, would be more secure than the majority of all passwords used by the 'average Joe' today. This gesture-based technology is, for one, far too easy to see and memorize.
Also, the smudges are still a valid issue, because it honestly doesn't take too long to guess where it starts and what direction it goes in. At the very least, it'd be much easier for a computer to brute force than an 18-char lower-alpha password, because a dictionary has thousands/millions of words, and there are only 3 gestures that are already vaguely known.
And, of course, this suffers from the same ambiguity of the password as conventional combination locks. Even though, in theory, the combinations of numbers on the lock are many, the combinations that actually need to be tried are far less, because of the error margin allowed (you could be off by about 3 on any of the 3 numbers, which reduces search space by a lot). The same applies to gestures.
I think it'll be a lot easier for people to just figure out that memorizing a sentence of 6 words will provide a strong enough password that the burden of security lies on the technology as opposed to the password used.