Microsoft's Windows 8 Picture Password Detailed

 
 
By Nicholas Kolakowski  |  Posted 2011-12-19 Email Print this article Print
 
 
 
 
 
 
 

Microsoft has detailed its Windows 8 Picture Password protection, insisting that it's as secure as traditional numbers-and-letters input.

At September's BUILD conference, Microsoft took an auditorium of developers on a deep dive into the upcoming Windows 8. Among the features revealed in passing was a rather unique way of safeguarding the operating system from unauthorized users: a "Picture Password" that required touching parts of an image in order to move past the initial lock screen.

Now Microsoft is revealing more details about the "Picture Password" sign-in. First, users will choose a personal image; then, a series of gestures (tap, lines, and circles) to "unlock" the Windows 8 interface. That relatively simple process required a good deal of thought on the part of Microsoft's engineers, who needed to solve problems such as how much margin of error they'd allow users' gestures.

"We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in a set," Zach Pace, a program manager for Microsoft's You Centered Experience team, wrote in a Dec. 16 posting on the Building Windows 8 blog. "When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we've seen before, and decide if it's close enough to authenticate you."

He also argued that drawing on an image offers security on par with entering numbers and letters into a keypad. Taps, lines and circles on a set grid can translate into billions of possible gesture sets. Moreover, Microsoft is baking additional security measures into Picture Password.

"When you enter your picture password incorrectly 5 times, you are prevented from using the feature again until you sign in with your plain text password," he wrote. "Also, picture password is disabled in remote and network scenarios, preventing network attacks against the feature."

In theory, potential thieves would have trouble guessing your Picture Password based on telltale smudges on a screen. "Because the order of gestures, their direction and location all matter," he added, "it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use." 

Microsoft has revealed several aspects of Windows 8 of late. Earlier in December, it unveiled Windows Store, its long-anticipated applications storefront for the operating system.

In the battle against Apple's App Store, Microsoft is likely banking on Windows 8 attracting a broad audience of both consumers and business users, which in turn would generate a significant market for everything from games to enterprise applications. Businesses are a key audience for Microsoft products, and thus a target of the company's earliest communications regarding its new storefront.

Microsoft has announced that the Windows 8 beta will arrive in February. Unlike previous versions of the operating system with their desktop-style interface, the operating system's start screen centers on a set of colorful, touchable tiles linked to applications-the better to port it onto tablets and other touch-centric form-factors. The final version is reportedly due later in 2012.

Follow Nicholas Kolakowski on Twitter 

 


 
 
 
 
Nicholas Kolakowski is a staff editor at eWEEK, covering Microsoft and other companies in the enterprise space, as well as evolving technology such as tablet PCs. His work has appeared in The Washington Post, Playboy, WebMD, AARP the Magazine, AutoWeek, Washington City Paper, Trader Monthly, and Private Air. He lives in Brooklyn, New York.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel