One of IBM’s five-year predictions—biometric passwords—is already becoming reality. The TV crime shows have had a heyday with plot lines of grisly murders committed to gain the fingerprints or iris needed to scan and unlock the door to some super-secret valuable.
But Microsoft’s picture password planned for Windows 8, though not exactly biometric, is taking some heat. It’s designed to make logging in faster and more effective than choosing between a weak alphanumeric password and one that is too hard to remember. It’s an example of the ways Microsoft is adding features from mobile phones to its new PC OS, which is due for a beta release in February.
The password works like this: You take a photo stored on your PC and, with your finger, scrawl something on it. Business Insider says that will be some combination of tap, circle and line. You’ll still have to remember which photo and which gestures you use. Writes Julie Bort:
You’ll also have to be fairly accurate in where your finger goes. If your password involves a picture of your ex, and a pair of devil horns, you’ll have to put those horns in roughly the same spot every time.
It’s like a built-in guard making sure you can’t log onto your computer when you’re drunk.
Yet Kenneth Weiss, who now runs a security business called Universal Secure Registry, told Network World:
I don’t think it’s serious security. It’s more like a Fisher-Price toy than a serious choice for secure computer access.
The main problem is that whatever swipe you make on the screen could be videotaped and replicated later, says Weiss, who invented RSA’s SecurID token. Of course, he’s promoting his three-factor authentication business and taking a swipe, so to speak, at two-factor authentication.
In a piece at Forbes, Curtis Staker, president and CEO of Confident Technologies, says traditional authentication methods are hampering e-commerce and calls for new strategies. After all, it’s pretty tough to type strong passwords on a phone keypad. His company, too, offers picture-based authentication.