Windows 8 Picture Password Security Called Into Question

Microsoft has put a lot of focus into making Windows and IE a more secure experience in Windows 8. Microsoft has crafted changes in the boot process, added antivirus protection into the included Windows Defender, and even created a Windows Defender Offline program that can be used to check the boot sequence for malware.

The folks at Redmond have responded rather quickly to potential security threats and seem to be doing a pretty good job in general.

To be fair, in the last several years Microsoft has made several inroads that have improved its state of security, especially in comparison to its early days on the net with Windows 95.

Despite these changes in security there is one move that Kenneth Weiss, inventor of RSA’s SecurID token, believes isn’t really helping users stay more secure. Yes, I’m talking about the new picture/gesture log-in feature in Windows 8.

According to Kenneth, “I think it’s cute. I don’t think it’s serious security”.

The idea is that alphanumeric passwords offer better security for two main reasons. First, if someone is watching from a distance, all they will see is dots or ‘stars’, not the actual password being typed. The second reason is that it is really hard to keep a copy of the gestures you make for backup, in case you forget them, for example.

He was even so harsh as to compare the technology to a Fisher-Price toy, as opposed to real secure computer technology.

While he does have a point, the primary target of picture passwords probably won’t care. The fact is that I know dozens of less techie-types that have passwords on their computers. When I ask why, they usually respond with, “I actually don’t have a good reason… I only use this for browsing”.

Also the truth is if you are worried about a thief stealing your highly-mobile devices, a simple password (even of the alpha-numeric kind) isn’t going to stop them from swiping your device and wiping the drive.

The picture password is obviously targeted more at the casual tablet user, those that have literally nothing worth hiding on their machine, except maybe those XXX sites they shouldn’t have been looking at or something.

For these types of users, a picture password is more convenient and offers ‘just enough’ security to keep their friends and snoopy family out. No, it won’t stop that James Bond-style thief from cutting a small hole in your roof, sending down a camera, and recording your pattern, all in an effort to steal those forty-three vanity shots you took of yourself and put on your tablet… but that really isn’t the point.

For business security, even traditional Windows passwords are hardly ever enough because there are easy work-arounds to get through them. When it comes to serious security, yes, I agree that picture passwords probably won’t cut it.

Still, for most users this provides a fun and easy way to log in and is ample protection for their needs.

What do you think of Microsoft’s “picture password” system? Is it a Fisher-Price toy or a perfectly fine option for those with nothing too serious to protect?

Will you consider using picture password or stick with traditional alpha-numeric options? Share your thoughts below.
