Microsoft have released a blog post that goes into detail about their new picture password feature.
This feature allows Windows 8 users to select their own personal picture and using their finger gestures make different patterns over the picture to login.
The post was written by Zach Pace in the blog.
Some of the key highlights:
Once you have selected an image, we divide the image into a grid. The longest dimension of the image is divided into 100 segments. The shorter dimension is then divided on that scale to create the grid upon which you draw gestures.
To set up your picture password, you then place your gestures on the field we create. Individual points are defined by their coordinate (x,y) position on the grid. For the line, we record the starting and ending coordinates, as well as the order in which they occur. We use the ordering information to determine the direction the line was drawn in. For the circle, we record a center point coordinate, the radius of the circle, and its directionality. For the tap, we record the coordinate of the touch point.
When you attempt to sign in with Picture Password we evaluate the gestures you provide, and compare the set to the gestures you used when you set up your picture password. We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in the set. If a gesture type is wrong—it should be a circle, but instead it’s a line—authentication will always fail. When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you.
“Picture password is provided as a login mechanism in addition to your text password, not as a replacement for it,” notes Pace. “You should be sure to have a good hint and use safeguarding mechanisms for your text password, which you can still always use to sign in.”
Microsoft filed a patent for the feature in February, 2008.
Check out the full video for it here.