Windows 8 Picture Password: Is It Secure Enough?

One of the most noticeable improvements in Windows 8 is that there’re kinds of password protection: conventional text password, picture password, and PIN logon. For the picture password, it requires a user to draw or gesture on a touchscreen, using features on a picture as reference points.

In a post from Microsoft’s building Windows 8 blog, there’s more detail on how it works. First off, the picture that the user chooses is broken up into a system of grids. Then, as you place gestures on the picture, the system records the (X1,Y1,) co ordinates of the starting point and then records the (X,Y) co ordinates for each point in the pattern that you draw as well as the ending co ordinates for lines. For circles it will record the radius and the direction of the circle.
picture password

In Windows 8 blog, Microsoft also outlines the security of picture password. Given the kinds of simple passwords many users rely upon, the picture password could well be more secure for numerous people. But Microsoft acknowledges that smudges on the screen or recording devices could theoretically allow the gesture password to be compromised, but says the risk is very low.

However, not everyone agrees. Kenneth Weiss, who runs Universal Secure Registry, is considered the father of 2-factor authentication by virtue of his invention of the RSA SecurID token. The security expert says the new Windows 8 picture password feature is “cute” but that he does’t think it’s “serious security.””It’s more like a Fisher-Price toy than a serious choice for secure computer access,” says Weiss. Then, what’s your opinion?