Would You Try to Sign In With a Picture Password?

Windows 8 Picture PasswordMicrosoft has been publishing information about some of their projects on their blog as it develops Windows 8. The latest: “Signing in with a picture password.

Many laptops have implemented similar measures to strengthen security. Recently, with the Ice Cream Sandwich upgrade, Android also adopted this feature and now you can use your own face to unlock your smartphone.

Now Microsoft wants to strengthen security and make PCs unbreakable. As security measures start to become more complex and passwords require more complicated combinations of characters, numbers and symbols, Microsoft wants to introduce “a fast and fluid touch sign-in experience that is also personal to you.”

How Picture Sign In works

According to Microsoft, there are two parts: one is the picture from your photo collection and the second part is a set of gestures that you will draw on this image. You can decide which portions of the picture are important and you can draw a gesture that will be your sign in. You can choose one of three gestures: tap, line, and circle. But be careful: remember the way you draw them–drawing the gestures in a different order won’t let you gain access.

Will I be able to use it?

It’s pretty simple and effective–and imagine not having to remember 100 passwords for 100 different accounts. Just remember the portion of the picture you’ve chosen and the order of the gestures to draw over it.

Windows 8 Tap Gesture PasswordFor example, Microsoft is showing how they will be recording the gestures. First, each image is split in grid lines (100 x 100); based on this and the actual coordinates (X and Y), the software records your gesture. For example, when you do a circle gesture, the center point coordinate, the radius, and the direction of the drawn circle is recorded. For a line, it records the start position, the end position and the direction of the drawn line. The tap gesture is a less complex, because Microsoft says its “scoring function compares the distance between the gesture you recorded as part of your picture password and the one that you just performed” as the only thing checked. Still, you have to be accurate and score at least 90 percent if you to match your initial tap gesture. According to Microsoft:

Picture password is a new way to sign in to Windows 8 that is currently in the Developer Preview. Let’s go behind the scenes and see how secure this is and how it was built. One of the neat things about the availability of a touch screen is that it provides an opportunity to look at a new way to sign in to your PC. While many of us might prefer to remove the friction of getting to a PC by running without a password, for most of us, and in most situations this is not the case or is at least unwise. Providing a fast and fluid mechanism to sign in with touch is super important, and we all know that using alpha passwords on touch-screen phones is cumbersome. This post is authored by Zach Pace, a program manager on our You Centered Experience team, and looks at the implementation and security of picture password in Windows 8. Just as a note, you can also use a mouse with picture password too, just by using some click and/or drag actions.