Using a picture with more than 10 points of interest is a great idea

Dec 24, 2011 17:11 GMT

One of the security features that Windows 8 will bring along is the possibility to log in using a picture password, and not the usual password that contains letters and numbers.

Microsoft has already demoed the feature a few times before, suggesting that it would add an extra level of security to devices powered by its next Windows flavor.

The downside is that touch-enabled devices are the ones that benefit the most from this feature, while classic desktop PCs will not enjoy its utility.

As with any other form of computer protection, there is the question of reliability, and Microsoft has just offered a series of tips aimed at ensuring that users can get the most out of it.

Those who are interested in the best practices for coming up with the most secure sequence of login gestures for picture password in Windows 8 should know that it all starts with the photo that they choose for this in the first place.

According to Microsoft, there should be at least 10 points of interest on the photo. In other words, there should be more than 10 areas that could serve as landmarks for gestures (points to touch, places to connect with a line, areas to circle).

Another important factor involves the gestures that one chooses to perform for unlocking the device. The gesture types and their sequence should be a random mixture, which increases the strength of the picture password, and the security of the system.

Gestures that can be used include a tap, a line and a circle, and you should make use of all of them, in a random order. This will increase the number of combinations you can use, while lowering their predictability.

Here are some other tips for using the picture password, coming from Jeff Johnson, the Director of Development for the User Experience team, Microsoft, via a recent blog post:

- For circle gestures, randomly choose whether you draw it clockwise or counterclockwise. Also consider making the size of the circle bigger or smaller than the “expected” size.

- For line gestures, your instinct may be to always draw from left to right, but it is more secure if you randomly choose the direction with which you connect the two points.

- As with all forms of authentication, when entering your picture password, avoid allowing other people to watch you as you sign in.

- Keep your computer in a secure location where unauthorized people do not have physical access to it. As with any password entry, be aware of line of sight and potential recording devices that intrude on your screen.

At the same time, users should take into consideration the fact that moving fingers on a device's screen usually results in smudges that can be used for identifying gestures.

To ensure that this does not happen, they should keep the screen clean, especially after signing in. Oils can easily build up even when simply entering usual passwords and PINs, which means that devices should be cleaned on a regular basis.

“Periodically look at your screen at an oblique angle while on the picture password login screen and see if there appears to be a pattern pointing to your gesture sequence. If so, either clean your screen or add a handful of additional smudges in the picture password area,” Jeff Johnson notes.