Back in October 2012, when Microsoft officially launched the new Windows 8, the company also introduced a new authentication system called picture password. Specifically designed for touchscreen devices, picture passwords are based on gestures set up by the administrator and then used to unlock any unit running Windows 8.
While this could indeed be a revolutionary way to protect a Windows 8 computer, new research conducted by Arizona State University, Delaware State University and GFS Technology shows that picture passwords are rather unsafe and could be easily hacked.
The whole idea behind the project is pretty simple: people tend to use the same gestures for certain types of photos, including objects such as eyes, nose, hands, fingers, jaw, and face. This way, a hacker, for example, can try multiple combinations using the key objects shown in a picture until one of them successfully unlocks the device and gives access to data.
“The security of background draw-a-secret schemes mostly relies on the location distribution of users’ gestures. It is the most secure if the locations of users’ gestures follow a uniform distribution on any picture. However, such passwords would be difficult to remember and may not be preferable by users. By analyzing the collected passwords, we notice that subjects frequently chose standout regions on which to draw,” the research reads (PDF reader required).
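The point made in the quote above can be checked by measuring how far an observed distribution of gesture locations falls from the uniform ideal. The Python code below is an added example, not code from the study or from Microsoft; the 4x4 grid, the sample locations, the count of three gestures and the treatment of gestures as independent are assumptions constructed for illustration.

```python
import math
from collections import Counter

GRID_CELLS = 16   # assumption: picture divided into a 4x4 grid of cells
GESTURES = 3      # assumption: gestures per password, treated as independent

# Constructed sample data: the cell index each subject drew on.
UNIFORM_SAMPLE = list(range(GRID_CELLS))                   # every cell once
STANDOUT_SAMPLE = [5] * 8 + [6] * 4 + [9] * 2 + [10] * 2   # clustered on 4 cells


def location_distribution(samples, n_cells=GRID_CELLS):
    """Empirical probability of each cell from observed gesture locations."""
    if not samples:
        raise ValueError("need at least one observed location")
    if any(not 0 <= c < n_cells for c in samples):
        raise ValueError("cell index outside the grid")
    counts = Counter(samples)
    return [counts[c] / len(samples) for c in range(n_cells)]


def shannon_bits(dist):
    """Average unpredictability of one gesture location, in bits."""
    return -sum(p * math.log2(p) for p in dist if p > 0)


def min_entropy_bits(dist):
    """Worst case: unpredictability of the single most popular cell."""
    return -math.log2(max(dist))


def strength_report(samples, n_cells=GRID_CELLS, gestures=GESTURES):
    """Compare the observed location distribution with the uniform ideal."""
    dist = location_distribution(samples, n_cells)
    return {
        "ideal_bits": gestures * math.log2(n_cells),
        "shannon_bits": gestures * shannon_bits(dist),
        "min_entropy_bits": gestures * min_entropy_bits(dist),
    }


if __name__ == "__main__":
    for name, sample in (("uniform", UNIFORM_SAMPLE), ("standout", STANDOUT_SAMPLE)):
        print(name, strength_report(sample))
```

On the constructed data, the uniform sample reaches the full 12 bits, while the clustered sample keeps 5.25 bits on average and only 3 bits in the worst case.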
Microsoft, on the other hand, claims that its new technology is actually faster than regular passwords, so it recommends that users use picture passwords on both Windows 8 and Windows RT devices.
“You can use a picture password in Windows 8 and Windows RT, so that even signing in to your PC is more personal. Because you choose the picture and the shapes you draw on it, the combinations are infinite—a picture password is actually more secure from hackers than a traditional password. You can draw a picture password directly on a touchscreen with your finger, or you can use a mouse to draw your shapes,” the company said.