Last updated: 21 March 2014
Windows 8 launched to much fanfare last month, aiming to revolutionize both the traditional PC desktop experience and the business use of tablet devices. In the most drastic redesign of Windows since the 95 version, users are offered a more tightly-knit interactive experience than ever before.
This includes some interesting technology that is not currently being used on many devices: picture passwords. This is not the same thing as having an integrated camera map your facial features, allowing you to log in without the need for remembering passwords (though I would hope that people do not use this as the sole authentication method. It is much more effective as part of a multi-factor process).
The iPad mini and Microsoft’s Surface tablet are the latest touch devices to hit the market, potentially attracting a whole new wave of consumers. Microsoft is understandably keen to get a big slice of the tablet pie and Windows 8 and Surface represent their most concerted effort yet to break the dominance of Apple and Google devices.
Indeed, Microsoft has been trumpeting its picture password feature since last year. It works by selecting a picture from your own gallery, before programming a set of gestures on top of it. CBT Nuggets published an easy-to-understand guide that helps explain this feature:
By using a unique image it is, in theory, harder for potential hackers to know the gesture pattern that you use to access your account. However, many pictures have stand-out features that draw the eye and I predict that many users will program obvious gestures, such as tapping each corner or each face in the picture. It’s already clear that people dislike having to remember different passwords, whether numbers, letters, a combination, or, I predict, gestures.
CNET wrote last month that Microsoft’s picture password ad was a little confusing, arguing that ‘real people want things technological to be simple’. When you consider that CIOs also often face the dilemma of convenience versus security, I wonder how many people will actually use picture passwords on a regular basis.
Added to the fact that sophisticated hackers can install software that tracks your cursor and keyboard taps, I would advise caution against depending on picture recognition to access your accounts. However, used as part of a multi-factor process, including something you know, something you have and something you are, picture passwords give us another layer of security against potential hackers which can augment a defense in depth strategy. But as we add more layers, we in the security industry also have to make sure we are asking ourselves “are we providing the security needed while making security actually easy to use and if possible transparent to the end user?”
Are you using Windows 8 and are you planning on using picture password protection? Let us know your experiences in the comments box below.