Skip to main content

Windows 8 to Include Picture Passwords

Windows 8 will offer a different way to keep your personal account secure beyond the traditionally typed password: picture passwords that let you login by selecting certain sections of an image.

A similar technology has been used in mobile devices sporting the Apple iOS and Android operating systems, so it seems logical that Microsoft would bring the technology to its next gen operating system that has tablets and other mobile devices in-mind.

"At its core, the picture password feature is designed to highlight the parts of an image that are important to you," said a Microsoft spokesperson in a blog post. "It requires a set of gestures that allow you to accomplish this quickly and confidently."

Explaining the process, Microsoft's Zach Pace says that when creating the picture password, Windows 8 remembers the direction used when drawing. This means that should the user circle a person's face, or a specific feature of the image, it will recall whether they went clockwise or anti-clockwise. Similarly, if they draw a straight line, whether it goes left to right, right to left or any other combination, it will be remembered.

This is achieved with a grid system. Pictures are divided up, with X and Y axis taken into consideration when lines are drawn. With circles, the radius and direction are also recorded. Taps are noted using the grid.

As well as it making the password experience far quicker as well as easier to remember, Microsoft claims the picture based system is far more unique and therefore harder to guess and/or crack. According to the blog, with an 8 character length password mixing in letters and numbers, the maximum number of options is just under 9 trillion. However, an image and gesture controlled security procedure with up to 8 taps has a much larger 13.1 quadrillion (1 quadrillion = 1,000 trillion) options.

Combining 5 circles, lines and taps gives just under 400 trillion possibilities. Compared with a number pin code that only has 100,000 variants - even with a complicated alphanumeric password you only get 182 million. Clearly from these values, Microsoft's new image based security makes it much harder for a brute force hack to be successful.

"Through our research and refinement of both the experience and the concept, we believe we've hit on a method of signing in that's secure but also a lot of fun to use," said Pace.

"We love picture password and the additional personal flavor it brings to Windows 8, and we hope you do too!"

There is one concern with this method of sign-in though: smudges. To dispel this issue, Pace discussed the perfect storm. Describing that in a worst-case scenario a user cleaned their touch screen, put the password in and walked away. A thief then steals the tablet and is able to see every gesture in finger smudge. The problem for the nefarious individual, is that they have no idea of direction. Even using only four lines, circles and taps, Microsoft extrapolates that there would still be over 380 permutations, purely because of that one crucial bit of missing information.

Dipping his toes into almost everything that could be labeled 'nerdy' in his free time, Jon has been writing about technology for over half a decade. While mainly focusing on PC hardware thoughout this time, today he's more varied, covering everything from gaming to general electronics, industry perspectives and consoles. As well as writing for different sites, Jon enjoys wargaming, reading and PC gaming, hoping to balance out these geeky pastimes with fire spinning and MMA.