Matt Farrington-Smith
20/12/2011 15:54 | By Matt Farrington-Smith, editor, MSN Tech & Gadgets

Windows 8 to introduce picture passwords

Microsoft has confirmed that picture passwords will be supported in their next operating system - Windows 8.

A new form of password security will be introduced in Windows 8 - a post on the "Building Windows 8" tech blog has revealed. View the blog.

Windows 8 will feature new picture password security. Image Microsoft

Why picture passwords?

But why introduce picture passwords in the first place? Steven Sinofsky - President of Windows Division, explains: "One of the neat things about the availability of a touch screen is that it provides an opportunity to look at a new way to sign in to your PC... Providing a fast and fluid mechanism to sign in with touch is super important, and we all know that using alpha passwords on touch-screen phones is cumbersome."

What is a picture password?

A Windows 8 picture password involves drawing three gestures on a picture of your choice. Instead of having to pick from a generic set of Microsoft images, it is up to the user to select a memorable photo.

When drawing the gestures, you are free to use any combination of circles, straight lines or taps.

It is important to remember the size, position and direction of your gestures (and the order in which you make them) as they all form part of your picture password. You will need to redraw these same gestures whenever you log onto your Windows 8 device.

A visual representation of the picture password scoring function. Image Microsoft

A visual representation of the picture password scoring function.

On the science behind the new method:

When you attempt to sign in with picture password, Windows evaluates the gestures you provide, and compares the set to the gestures you used when you set up your picture password. Windows then looks at the difference between each gesture and decides whether to authenticate you based on the amount of error in the set.

If a gesture type is wrong - it should be a circle, but instead it's a line - authentication will always fail. When the types, ordering, and directionality are all correct, Windows looks at how far off each gesture was from the ones it saw before, and decides if it's close enough to authenticate you.

Not for everyone

Microsoft recognises that this new password system isn't for everyone as Program manager - Zach Pace, explains:

"Although we're very happy with the robustness of a picture password, we know that there are a variety of businesses for which security is paramount, and anything less than a full password is unacceptable. As such, we've implemented group policy that gives a domain administrator the freedom to choose whether picture password can be used. And of course, on your home PC, picture password is optional as well."

A Windows 8 picture password screen. Image Microsoft

Choosing a picture password

As with all forms of authentication there are a number of best practices to follow when it comes to choosing a password.

In a further blog post - Jeff Johnson, the Director of Development, offers password guidance and states some of the reasons why this new security measure is a robust solution.

"It is also interesting to compute the odds of an attack succeeding in various scenarios... Gestures are based on a 100 x 100 grid, giving even the simplest gesture (the tap) a potential of 10,000 values (given proximity matching, this number is effectively reduced to 270). In reality, the number of points of interest (POI) is much lower than that - there are only so many memorable locations in a given photograph."

"We assume that taps are directly on a POI, circles only come in two sizes (say, small around the point, and larger around the point) and two directions (clockwise and counterclockwise), and lines always connect two POIs. Because this isn't strictly true, the number of permutations is actually even greater."

Picture password tips

Pick a photo that has at least 10 points of interest. A point of interest is an area that can serve as a landmark for a gesture - a point that you would touch, places you would connect with a line, an area you would circle.

Use a random mixture of gesture types and sequence.

If you choose to use a tap, a line, and a circle, randomly choose the order of those gestures; this creates 6 times the number of combinations as a predictable order.

Be aware that smudges on the screen could potentially identify your gestures.

About Windows 8

At this juncture it is important to remember that Windows 8 has not been designed exclusively for touch screens and tablets. Yes, it will support touch devices, but a classic Windows can also be found nestling inside. It's just a question of how you want to use Windows 8.

If you're feeling especially adventurous, you can download the Developer preview of Windows 8 and see how the new touch interface works for yourself. A beta version of Windows 8 (containing further new features) will be available to demo in early 2012.

More on MSN: Windows 8 screenshots
Windows 8 to get app store

Follow the editor on Twitter
Find us on Facebook

Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?