As people are more and more aware of their security, Microsoft offers another security function in Windows 8 that is picture password. The idea is that takes any image and then defines a number of gestures laid over it that are used for the authentication process.
Picture passwords are becoming popular among Windows 8 users. People begin to think that are picture passwords more secure than the standard passwords. The question of how secure picture passwords are really enters 'length of string' territory very quickly, and is dependent on many factors - not least what you are comparing that security against: nothing, traditional passwords, two-factor authentication, biometrics?
In order to see the security of picture password we would like compare it to PINs password. If you look at the number of unique PINs on the basis of a four-digit number with ten possibilities from 0000 to 9999 then there are 10,000 permutations in total. Alpha-numeric password strings really do become length of string things, but let's says a basic eight character password has more than 200 billion permutations.
We can also set a similar 'how many permutations' test about picture passwords. Based on Microsoft calculations - which take into account unique gesture positioning and the error ranges in the Windows recognition algorithm - a simple 'four taps' password there could be 178,832,265 possibilities.
Microsoft calculates the more complex circle gesture uniqueness based upon the hacker knowing the radii is somewhere between six and 25 and that X and Y coordinates are between five and 95 as an example, and reckons that as a function of the number of circles would equate to 381,311,037 for four circles.
Moving on to the line, strangely enough the most complex in terms of possibilities, whereby the line itself could be edge to edge or a short segment across a 100 x 100 grid, Microsoft calculates there are 156,687,051,477 unique gestures for a four-line password. Mix taps, circles and lines into one password and the comparisons between PINs and passwords and gestures becomes clearer:
But it's not all about the math. It's also about memory and guess ability, and that's where picture passwords score fairly strongly. They are easy to remember and difficult to guess.
However, another factor we need to consider is that PIN numbers are often memorable dates, and passwords common dictionary words. Cracking it can be easy, it only takes a bit of social engineering or even a quick Google to reveal some likely candidates, and there are software routines that will split open dictionary passwords (even where the user has tried to be 'clever' and obfuscate them a bit) in less time than it took you to read this sentence.
What's more? The picture password system being disabled for remote use to prevent network-based attacks, make it a decent sounding bet as a login alternative for your Windows 8 desktop.
As an additional security for your Windows 8, creating a picture password is a recommended practice. But according to the users, picture password is easy to forget. In this occasion, you can turn to text password to login to your computer. But what if you forgot the text password? At this time, you can take a use of Windows password recovery to reset your text password first.
Download SmartKey Windows Password Recovery Ultimate:comments powered by Disqus