One of the coolest things that we’ve seen come from Windows 8 is the new picture password log on feature. For those of you who don’t know, this is a new method of logging in. All the user has to do is draw a pattern and tap in a certain location and sequence to unlock their PC. It’s quite a cool feature if you ask me, however it’s been slated be some security experts.
Kenneth Weiss runs a three-factor authentication business called Universal Secure Registry and is the inventor of RSA’s SecurID token. Here’s what he had to say about it
I think it’s cute, I don’t think it’s serious security
Well that doesn’t say too much for it now then does it. Kenneth actually described it more like a Fisher-Price toy than a serious choice for secure computer access.
The concept is good, but from a security perspective there is some flaws. For example, if anyone sees you input the pattern it’s quite easy for them to remember. Unlike a traditional password where the pin/password that you enter is displayed as “*”, you’ll be able to see exactly what the user’s entering. Also it’s a bit of a pain trying to right down what your pattern is in case you forget it. It would have to be quite long winded to make sure that you get the pattern right.
However, because it’s so quick and simple to set one up and enter the password, I think we may find that more people will start using this. There’s plenty of people who don’t use a password what so ever so if they used this picture password it would be better than nothing wouldn’t it?
Also all you have to do is make sure that the wrong people don’t see you entering in your pattern and you should be ok. But I’d be interested to hear what you guys think of the picture password.
Is it a good feature that you will use? How secure do you think it is? What are it’s major flaws?
Let us know in the comments below