Over the last few days, Microsoft has revealed a number of details on the Building Windows 8 blog regarding a new feature coming to the upcoming OS dubbed “Picture Password”. Upon hearing the name of the feature, you may assume (incorrectly) that it’s some sort of integrated face recognition technique, but that couldn’t be further from the truth. In fact, the contents of the picture used for the login password are somewhat irrelevant. It’s actually touch gestures overlayed over the photo that are the foundation of Windows 8’s picture password feature.
In a video posted on the blog, Zach Pace, a product manager in the User-Centered Experience team at Microsoft, explains picture password at great length. In the post, Pace explains, “At its core, your picture password is comprised of two complimentary parts. There is a picture from your picture collection and a set of gestures that you draw upon it. Instead of having you pick from a canned set of Microsoft images, you provide the picture, because it increases both the security and the memorability of the password. You get to decide the content of the picture and the portions that are important to you. Plus, you get to see a picture that is important to you just like many people do on their phone lock screen.”
Image Source: Building Windows 8 Blog
Although faces can be in the picture used for the picture password, any image with multiple points of interest will suffice. When setting up the feature, an image is chosen and then touch gestures must be applied to the images using some combination of circles, lines or taps. In the example Mr. Page uses in the blog post, a picture with four people (his parents and two sisters) is chosen. He then assigns a circle gesture around his father’s head, draws a line between his sisters’ noses, and taps his mother’s nose. Once the picture and gestures are assigned, to log into the machine, the gestures must be followed exactly—drawn in the same order, same direction and orientation, and same locations. A video posted in the blog does a good job showing the technology at work.
The concept seems relatively simple at first. And some are sure to question the level of security offered by Picture Password, especially since touch gestures on a screen tend to leave fingerprints and smudges that could give a nefarious individual some of the information they’d need to “crack” the password, but Microsoft has made some practical consideration to protect users. The information in the blog also goes on to say, “Because the order of gestures, their direction and location all matter, it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use.”
We’d love to get your input on Picture Password. Zach Pace also said, “When we started the process of designing picture password, we knew that we wanted a sign-in method that was fast, fluid, and personal to each and every user of Windows 8, but still had a robust security promise. Through our research and refinement of both the experience and the concept, we believe we’ve hit on a method of signing in that’s secure but also a lot of fun to use.”
Having seen Picture Password in action and read the information Microsoft has already revealed, I’m inclined to agree. Picture Password seems to be an innovative, interesting, and dare we say fun way to log into a machine. What say you?
Marco Chiappetta is a freelance journalist specializing in PC and consumer device hardware reviews. Or in his words, Marco is a "self-confessed keyboard geek." In addition to covering Microsoft for Network World, Marco's work also appears in PC World and he is an editor at Hothardware.com.