Sign in with
Sign up | Sign in

How You Can Log Into Windows 8 by Touching Pictures

By - Source: Tom's Hardware US | B 47 comments

Beware of smudges on your future Windows 8 machine.

With new login methods such as Face Unlock or the pattern from Android, typing in a password seems so last-decade. Microsoft feels the same way and will be adding a new way to log into Windows 8.

Windows 8 Picture Login

Microsoft's Jeff Johnson, the Director of Development for the User Experience team, followed up on this with a blog post on the B8 blog with some recommendations for best practices for those who plan to use this login method:

  • Pick a photo that has at least 10 points of interest. A point of interest is an area that can serve as a landmark for a gesture – a point that you would touch, places you would connect with a line, an area you would circle.
  • Use a random mixture of gesture types and sequence. While a line is the gesture that has the most permutations, if you always use 3 lines, that actually makes it easier for an attacker, as they can rule out trying sequences with the other gesture types.
  • If you choose to use a tap, a line, and a circle, randomly choose the order of those gestures; this creates 6 times the number of combinations as a predictable order.
  • For circle gestures, randomly choose whether you draw it clockwise or counterclockwise. Also consider making the size of the circle bigger or smaller than the “expected” size.
  • For line gestures, your instinct may be to always draw from left to right, but it is more secure if you randomly choose the direction with which you connect the two points.
  • As with all forms of authentication, when entering your picture password, avoid allowing other people to watch you as you sign in.
  • Keep your computer in a secure location where unauthorized people do not have physical access to it.  As with any password entry, be aware of line of sight and potential recording devices that intrude on your screen.
  • Be aware that smudges on the screen could potentially identify your gestures. Clean your screen thoroughly on a regular basis. Although this increases the risk if you clean, sign in, and then do nothing, the buildup of oils from repeated use is generally easier for an attacker to see (plus, who likes using an oily device?). Note that buildup is more of an issue for entering numeric PINs, when the device is frequently turned on and off and you enter the sequence dozens of times a day (oils can build up in those locations). Periodically look at your screen at an oblique angle while on the picture password login screen and see if there appears to be a pattern pointing to your gesture sequence. If so, either clean your screen or add a handful of additional smudges in the picture password area (which effectively increases the POIs discussed below
     

Be sure to hit the full post for an in-depth analysis regarding the different security considerations that Microsoft is currently making with Windows 8.

Display 47 Comments.
This thread is closed for comments
Top Comments
  • 19 Hide
    math1337 , December 25, 2011 11:55 AM
    How about logging in with a password?
  • 19 Hide
    synd , December 25, 2011 2:25 PM
    You guys sure take changes really, really bad.
    This isn't a bad thing, you can always use a password or picture pw. It's better to have the option to choose between 2 things than being forced to use only 1.
  • 12 Hide
    Anonymous , December 25, 2011 2:52 PM
    Seriously people, relax. These are options. Some may be turned on or off in the beginning but you will be able to turn them on or off if you like.

    There is already so much hate for windows 8 you people will be using xp for another decade.
Other Comments
  • 8 Hide
    keyanf , December 25, 2011 11:11 AM
    So instead of hearing about people being "hacked" because they used the same "password" password for everything, what will we hear?

    I'm guessing porn picture+10 taps of the vagina.
  • -1 Hide
    Target3 , December 25, 2011 11:26 AM
    I'm not 'upgrading' to Windows 8. Lol
  • -1 Hide
    elbert , December 25, 2011 11:53 AM
    I think this is a bit odd. I would rather have a recorded face recognition matching while saying a pass phrase. This would work to allow admins direct access to any account depending on which pass phrase they use. All this would require is a simple 20 sec pre recorded clip of you saying the phrase for a match.
  • 19 Hide
    math1337 , December 25, 2011 11:55 AM
    How about logging in with a password?
  • -3 Hide
    nforce4max , December 25, 2011 12:13 PM
    Great maybe one of my chickens can be trained to use Win8 lol. Being in the networking and security field this is a huge risk and isn't worth it. Even if it is tablets they still can hold sensitive data that can be stolen and used such as company records or personal info like SSN or credit card #.
  • 8 Hide
    Anonymous , December 25, 2011 1:06 PM
    someone please stop those idiots! windows 8 development it's getting out of control!!!
  • -4 Hide
    Anonymous , December 25, 2011 1:11 PM
    innovate! find a way for windows to stop crashing, get rid of BSoD once and for all; don't find another 100 ways for us to sign in...morons!!!
  • 0 Hide
    cookoy , December 25, 2011 1:20 PM
    A simple popup virtual keyboard would do.
  • 9 Hide
    synth0 , December 25, 2011 1:51 PM
    I think that's a nice feature. The guys who have 'security problems' probably forgot that most people don't use a password login at all on Windows. Even less people have a password on a tablet.
  • 0 Hide
    bvsbutthd101 , December 25, 2011 1:56 PM
    I have a great idea. Lets use a device that has a bunch of letters and commands on it and maybe we'll call it a keyboard. Than in the choose password section we can type out the password we want. Perfect solution. I'm a freakin genius!!!!!
  • 19 Hide
    synd , December 25, 2011 2:25 PM
    You guys sure take changes really, really bad.
    This isn't a bad thing, you can always use a password or picture pw. It's better to have the option to choose between 2 things than being forced to use only 1.
  • 2 Hide
    dickcheney , December 25, 2011 2:51 PM
    This has been announced when the Dev preview came out... OLD news is old.
  • 12 Hide
    Anonymous , December 25, 2011 2:52 PM
    Seriously people, relax. These are options. Some may be turned on or off in the beginning but you will be able to turn them on or off if you like.

    There is already so much hate for windows 8 you people will be using xp for another decade.
  • 2 Hide
    Anonymous , December 25, 2011 3:10 PM
    The algorithms for unlocking or breaking passwords are to predict passwords and break into machines. Now,Here picture taping sequence and gestures can be predicted with permutation and combinations.But,advantages are no need of cam like face recognition or no need of fingure tips detector on machine.Its good alternative to regular password.
  • -4 Hide
    bvsbutthd101 , December 25, 2011 3:29 PM
    nobodies actually taking this seriously. It's called joking around. Even if there was 20 different ways to have a password I could care less.
  • 2 Hide
    fb39ca4 , December 25, 2011 4:00 PM
    the most secure way to have a password on a touchscreen device is to have a virtual keypad/keyboard where all of the keys are randomly arranged each time you log on, otherwise the areas where the keys used in the password are will stand out due to smudging.
  • 0 Hide
    bvsbutthd101 , December 25, 2011 4:03 PM
    fb39ca4the most secure way to have a password on a touchscreen device is to have a virtual keypad/keyboard where all of the keys are randomly arranged each time you log on, otherwise the areas where the keys used in the password are will stand out due to smudging.

    now that sounds pretty good to me
  • 0 Hide
    Anonymous , December 25, 2011 4:15 PM
    Come on guys, chill out. That's a nice method, and if you took note of the "password", it would be hard to understand by anyone else.

    Now, if you're really frustrated, just be creative when applying step 1, "Pick a photo that has at least 10 points of interest":
    Get a nice and "complex" picture from your favourite porn star. It's guaranteed to have lots of points of interest, and it'd be fun to apply all those gestures on them... LOL!
  • 0 Hide
    lradunovic77 , December 25, 2011 4:29 PM
    Dear Zach, A PC is not Phone or Tablet. Dear Microsoft, you are doing it wrong again.
  • 2 Hide
    lradunovic77 , December 25, 2011 4:40 PM
    How about i get mad after anyone tries to use their dirty fingers on my 27" screen before i need to play BF3.
Display more comments