How You Can Log Into Windows 8 by Touching Pictures

With new login methods such as Face Unlock or the pattern from Android, typing in a password seems so last-decade. Microsoft feels the same way and will be adding a new way to log into Windows 8.

Windows 8 Picture Login

Microsoft's Jeff Johnson, the Director of Development for the User Experience team, followed up with a post on the B8 blog that recommends best practices for those who plan to use this login method:

  • Pick a photo that has at least 10 points of interest. A point of interest is an area that can serve as a landmark for a gesture – a point that you would touch, places you would connect with a line, an area you would circle.
  • Use a random mixture of gesture types and sequence. While a line is the gesture that has the most permutations, if you always use 3 lines, that actually makes it easier for an attacker, as they can rule out trying sequences with the other gesture types.
  • If you choose to use a tap, a line, and a circle, randomly choose the order of those gestures; this creates 6 times the number of combinations as a predictable order.
  • For circle gestures, randomly choose whether you draw it clockwise or counterclockwise. Also consider making the size of the circle bigger or smaller than the “expected” size.
  • For line gestures, your instinct may be to always draw from left to right, but it is more secure if you randomly choose the direction with which you connect the two points.
  • As with all forms of authentication, when entering your picture password, avoid allowing other people to watch you as you sign in.
  • Keep your computer in a secure location where unauthorized people do not have physical access to it.  As with any password entry, be aware of line of sight and potential recording devices that intrude on your screen.
  • Be aware that smudges on the screen could potentially identify your gestures. Clean your screen thoroughly on a regular basis. Although this increases the risk if you clean, sign in, and then do nothing, the buildup of oils from repeated use is generally easier for an attacker to see (plus, who likes using an oily device?). Note that buildup is more of an issue for entering numeric PINs, when the device is frequently turned on and off and you enter the sequence dozens of times a day (oils can build up in those locations). Periodically look at your screen at an oblique angle while on the picture password login screen and see if there appears to be a pattern pointing to your gesture sequence. If so, either clean your screen or add a handful of additional smudges in the picture password area (which effectively increases the POIs discussed below
     

Be sure to hit the full post for an in-depth analysis regarding the different security considerations that Microsoft is currently making with Windows 8.
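To put rough numbers on the advice above, here is an added worked example (not from Microsoft's post or this article) that counts how many gesture sequences an attacker has to consider under different user habits. The counting model is a simplification and an assumption: every gesture snaps to one of the picture's points of interest, circles come in three sizes, and the function names are made up for illustration.

```python
from itertools import permutations, product

GESTURES = 3  # the page's examples use three gestures per picture password


def gesture_counts(pois, random_direction=True, circle_sizes=3):
    """Distinct gestures of each type in a simplified model (an assumption,
    not Microsoft's published math): every gesture snaps to one of `pois`
    points of interest; circles come in `circle_sizes` sizes."""
    directions = 2 if random_direction else 1  # 1 = always the same direction
    return {
        "tap": pois,
        "line": pois * (pois - 1) // 2 * directions,  # pairs of distinct POIs
        "circle": pois * circle_sizes * directions,   # centre, size, cw/ccw
    }


def search_space(counts, type_sequences):
    """Candidates an attacker must try when the user's habits limit the
    password to the given sequences of gesture types."""
    total = 0
    for seq in type_sequences:
        n = 1
        for gesture in seq:
            n *= counts[gesture]
        total += n
    return total


def compare(pois=10):
    """Search-space size for each habit discussed in the list above."""
    counts = gesture_counts(pois)
    lazy = gesture_counts(pois, random_direction=False)
    kinds = list(counts)  # ["tap", "line", "circle"]
    every = list(product(kinds, repeat=GESTURES))
    return {
        "fixed order tap, line, circle": search_space(counts, [tuple(kinds)]),
        "tap, line, circle in any order": search_space(counts, set(permutations(kinds))),
        "always three lines": search_space(counts, [("line",) * GESTURES]),
        "random mix of types": search_space(counts, every),
        "random mix, predictable direction": search_space(lazy, every),
    }


if __name__ == "__main__":
    for habit, size in compare().items():
        print(f"{habit:36s}{size:>12,}")
```

With 10 points of interest, the model reproduces the factor of 6 for a random order of tap, line and circle, and shows that a known "always three lines" habit or a predictable drawing direction leaves the attacker a fraction of the full space.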

    Top Comments
  • How about logging in with a password?
    19
  • You guys sure take changes really, really badly.
    This isn't a bad thing, you can always use a password or picture pw. It's better to have the option to choose between 2 things than being forced to use only 1.
    19
  • Seriously people, relax. These are options. Some may be turned on or off in the beginning but you will be able to turn them on or off if you like.

    There is already so much hate for Windows 8, you people will be using XP for another decade.
    12
    Other Comments
  • So instead of hearing about people being "hacked" because they used the same "password" password for everything, what will we hear?

    I'm guessing porn picture+10 taps of the vagina.
    8
  • I'm not 'upgrading' to Windows 8. Lol
    -1
  • I think this is a bit odd. I would rather have a recorded face recognition matching while saying a pass phrase. This would work to allow admins direct access to any account depending on which pass phrase they use. All this would require is a simple 20 sec pre-recorded clip of you saying the phrase for a match.
    -1