So, there has been a lot of hubbub about Windows 8 and the new security mechanism outlined by Microsoft.

To recap, Microsoft recently detailed a new Windows 8 picture password security mechanism.

This feature would allow Windows 8 users to select their own personal picture and, using finger gestures, make different patterns over the picture to log in.

Recently though, Kenneth Weiss, inventor of RSA’s SecurID token who now runs a three-factor authentication business called Universal Secure Registry, told Network World that it’s not “serious security,” and that the gestures someone makes upon a screen can be easily recorded from a distance.

I think that that criticism is laughable.

I have an enterprise security background and have worked on some very complicated security projects. I have a pretty good understanding of application security, and while my credentials may not be anywhere near as esteemed as Mr. Weiss's, it’s pretty clear to me that he missed the bigger point.

His words:

“I think it’s cute, I don’t think it’s serious security.”

“It’s more like a Fisher-Price toy than a serious choice for secure computer access,” he says.

“Still, it’s better than nothing”

First of all, saying it’s not serious security lacks context. Microsoft has a user base of hundreds of millions of people and I’d dare say 99.99% of those people don’t work inside secret secure facilities.

They either use Windows at home or at work or at play and their need for security would probably be pretty regular.

This new mechanism is not “better than nothing”, it’s better than what we have now which is (for most users) a guessable password.

Most users don’t have secure RSA cards or VPN access because most users don’t need them.

The majority of users will be able to create a secure gesture which will not be guessable by the average friend, family member or co-worker.

Could someone look over your shoulder and see the gesture? Of course!

The same way they could look over your shoulder and see the words you’re typing.

The same way they could use a keylogger and get access to your password.

The same way….

You get the picture.

If you work in a secure, military grade establishment, it’s probably not good enough.

Also, if you have someone who is determined to get your password and is trying to shadow you that closely, you have bigger problems than Microsoft’s security mechanisms.

I’m sorry but this time I have to firmly agree with Microsoft. The picture password security is a big improvement for most consumers.

What do you guys think?

About the Author

Onuora Amobi is the Founder and VP of Digital Marketing at Learn About The Web Inc. Onuora has more than a decade of information security, project management and management consulting experience. He has specialized in the management and deployment of large scale ERP client/server systems.

In addition to being a former Microsoft MVP and the founder and editor of EyeOnWindows.com, he is the CEO of a Pasadena based online marketing education startup - Learn About The Web Inc. (www.learnabouttheweb.com) and The Redmond Cloud (https://www.theredmondcloud.com).


  • http://twitter.com/ballofhair ball of hair

    very well said

  • zulbia_bamie

    Yes, I think you are right. It is enough for almost all consumers, we are not CIA after all.

  • Behr22

    I think so too. It is more secure than most passwords that are used.