Quantcast

Picture Passwords Let You Unlock Your Device By Drawing On A Family Photo

Microsoft testing a new way to access Windows 8

Get the WebProNews Newsletter:
Picture Passwords Let You Unlock Your Device By Drawing On A Family Photo
[ Technology]

In a blog post published Friday, Microsoft talks about their latest technology currently in Developer Preview – and it has to do with security. Passwords, to be specific.

But not just ordinary alphanumeric passwords. The dev team talks about what they hope to be the future of Windows 8 security – picture passwords.

First off, they begin with the premise that creating a solid alphanumeric password is important, but all of the “capitalize one letter” and “include at least two punctuation marks” types of requirements has made the process unnecessarily cumbersome – especially when trying to enter them on smartphones. Even the PIN system of 4 or so numbers (like you see on the iPhone) is tricky for two reason: On one hand, you want something that’s easy to remember, but common passwords like 1234 and 9999 are the most easily guessed. So you might want to pick a sequence that means something to you. like your birthday – but then that can be broken if someone has even the slightest bit of info about you.

Their solution is the picture password, and it’s pretty simple.

It basically works on four variables. Type of gesture, location of gesture, direction of gesture and order or gesture.

When a user sets up a picture password, they pick their own picture from their library. It could be a photo of the user and their dog, or a family photo from last Thanksgiving. The point is that’s is specific and personal to the user. They are then given a grid to set up their gestures.

There are three types of gestures: a single point, a circle, and a line. The password is a set of these three gestures. On that hypothetical picture my dog and me, I could for instance draw a circle around the dog’s head, and line from his paw to my face, and a dot on my right knee. Here’s how it looks on one of Microsoft’s text photos:

When the system is judging your swipes to see if you are allowed entry, it takes into account not only the location of your swipes (as in did I draw the line from the paw to the face), but the direction of those gestures and the order in which I perform the three gestures. So, where I begin my circle gesture around the head or which direction I draw the line matters.

According to Microsoft’s test, people were able to complete the gestures in less than 4 seconds. And the combination of gestures is far wider than that or a PIN. In fact, a three-gesture picture password (1,155,509,083) provides about the same “security promise” (measured in possible combinations) as a 5-6 character password.

And what about smudges? They remind us that since the direction of gestures and order or gestures matter, smudges giving your password away shouldn’t be a huge concern:

We’ve also taken some practical considerations to protect you if you use Picture Password. People are often concerned with the smudges left behind on a touch screen and how easy or hard it would be to divine your password based on those markings. Because the order of gestures, their direction and location all matter, it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use.

Not quite as awesome as that virtual reality HoloDesk thing – but nicely played, Microsoft.

What do you think? Would you like to draw on a family photo in order to unlock your device? Let us know in the comments.

Picture Passwords Let You Unlock Your Device By Drawing On A Family Photo
Top Rated White Papers and Resources
  • http://www.PlacesToEatOkay.com Steve G

    I just see touchscreens being the thing of the past when you consider Kinect is going to be introduced for the PC soon. I think gesturing is a great idea for system passwords or master passwords (which allow you to unlock everything), but to be honest if we all switched over everything to gestures we do on pictures on a site to site, or even application to application basis it’s not like you can write them down somewhere as easily as you can a password. I still think biometrics is best where nobody has to remember a password or gesture at all. The person becomes the password. Just like Kinect made us all the controllers of Xbox games, so should we be the password of our accounts, apps, and devices.

  • ashbash

    I think a picture as a password is genius…its better than a reg password, a pattern or even numeric! I seriously would love to have it on my Droid bionic