Windows 8 Picture Password Explained
Traditionally we had face detection, typing in a PIN or simply drawing some lines as forms of passwords in our tablets and touch enabled PCs. But Windows 8's picture password is all set to change the way we log in to our devices with much greater security than the traditional methods. Microsoft believes that it can take up to 30 seconds or more to type in a complex password on a touch keyboard, so taking this into account they have deduced the picture password concept making it fast and fluid for a better signing in experience. Of course there will be option to sign in with the Windows password as well. The whole process has been explained in a official #-Link-Snipped-#from Microsoft.
#-Link-Snipped-#
Signing in with a picture password has been divided in two basic operations: taking a picture from the picture collection and a set of gestures that are drawn on the pictures. The picture is scaled and divided into 100 square units along the length and gestures are tracked on the invisible grid. The gestures involve drawing a combination of figures i.e. a line, a circle and a dot (done by tapping the screen once). In the picture password, while drawing a line, the start and end points are defined by coordinate points and the order in which they occur. This means the algorithm tracks not only the particular coordinate points but also the sequence of points in which they occur.
#-Link-Snipped-#
Similarly while taking into consideration the Tap gesture, the particular coordinate is marked on the picture while setting the password and during the signing in process the algorithm checks for a match of up to 90% accuracy. If the algorithm detects that the tap gesture is less than 90% accurate, then it denies login into the device. Visually the algorithm for the tap gesture can be represented as follows:
#-Link-Snipped-#
The Picture Password can be assumed to be the most secure way of logging in. Making some mathematical calculations of comparing traditional methods of entering password and the picture password we get the following results making the picture password more secure.
* A combination of 3 tap gestures can form 2,743,206 combinations,
* A combination of 3 circle gestures can form 4,509,567 combinations and
* A combination of 3 line gestures can form 412,096,718 combinations.
These figure means we can form about 1,155,509,083 passwords just by combining the above three gestures.
There could be a few possible flaws of using the picture password, one of them could be the hijacker looking over the shoulders of the user to get a view from behind and access the device later. In which case the user needs to be pretty much aware of such possibilities. Another possible flaw could be the guessing of the password based on the finger print pattern on the display, in which case the attacker would only have five attempts to get through after which the user have to enter their Windows password.
Here's a demo of the Picture Password concept:
<object width="640" height="360" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="https://www.youtube.com/v/aifR2ZGCXcY?version=3&hl=en_US" /><param name="allowfullscreen" value="true" /><embed width="640" height="360" type="application/x-shockwave-flash" src="https://www.youtube.com/v/aifR2ZGCXcY?version=3&hl=en_US" allowFullScreen="true" allowscriptaccess="always" allowfullscreen="true" /></object>
#-Link-Snipped-#
Signing in with a picture password has been divided in two basic operations: taking a picture from the picture collection and a set of gestures that are drawn on the pictures. The picture is scaled and divided into 100 square units along the length and gestures are tracked on the invisible grid. The gestures involve drawing a combination of figures i.e. a line, a circle and a dot (done by tapping the screen once). In the picture password, while drawing a line, the start and end points are defined by coordinate points and the order in which they occur. This means the algorithm tracks not only the particular coordinate points but also the sequence of points in which they occur.
#-Link-Snipped-#
Similarly while taking into consideration the Tap gesture, the particular coordinate is marked on the picture while setting the password and during the signing in process the algorithm checks for a match of up to 90% accuracy. If the algorithm detects that the tap gesture is less than 90% accurate, then it denies login into the device. Visually the algorithm for the tap gesture can be represented as follows:
#-Link-Snipped-#
The Picture Password can be assumed to be the most secure way of logging in. Making some mathematical calculations of comparing traditional methods of entering password and the picture password we get the following results making the picture password more secure.
* A combination of 3 tap gestures can form 2,743,206 combinations,
* A combination of 3 circle gestures can form 4,509,567 combinations and
* A combination of 3 line gestures can form 412,096,718 combinations.
These figure means we can form about 1,155,509,083 passwords just by combining the above three gestures.
There could be a few possible flaws of using the picture password, one of them could be the hijacker looking over the shoulders of the user to get a view from behind and access the device later. In which case the user needs to be pretty much aware of such possibilities. Another possible flaw could be the guessing of the password based on the finger print pattern on the display, in which case the attacker would only have five attempts to get through after which the user have to enter their Windows password.
Here's a demo of the Picture Password concept:
<object width="640" height="360" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="https://www.youtube.com/v/aifR2ZGCXcY?version=3&hl=en_US" /><param name="allowfullscreen" value="true" /><embed width="640" height="360" type="application/x-shockwave-flash" src="https://www.youtube.com/v/aifR2ZGCXcY?version=3&hl=en_US" allowFullScreen="true" allowscriptaccess="always" allowfullscreen="true" /></object>
0