For the inventor of SecurID, Windows 8’s Picture Password is nothing more than a Fisher Price toy.
Microsoft recently detailed the Picture Password feature coming to the Windows 8 operating system, which lets you define and enter a password using touch gestures on a photo.
Users can choose a particular photo from their personal collection, and then select three movements – taps, circles and lines – which form the password that has to be entered by the user to unlock the screen.
For Picture Password, Microsoft has implemented a few security procedures (see our news) and assures users that the solution is robust from a security point of view. Nevertheless, this is an optional function which doesn’t replace the text password but rather provides a practical alternative for tablets, making them easier and faster to use.
According to Kenneth Weiss, "it’s cute" but "it’s not serious for secure access to the computer", with Picture Password compared to a "Fisher Price toy". Weiss is known for inventing the two-factor SecurID authentication method of RSA (the security division of EMC), although he is now working independently of RSA on a three-factor authentication method.
For Kenneth Weiss, gestures drawn on a photo on a touchscreen can easily be recorded on video, even from a certain distance, while the more traditional password system allows for the use of special characters which can be hidden. He also believes that backing up a system like Picture Password isn’t easy and requires too much coding.
In any event, Microsoft recommends cleaning the screen regularly to limit the finger marks that can be left on it, and entering your password only when others aren’t watching. Such recommendations don’t address the objection about video recording, although in some ways that objection also applies to traditional password entry.