Network World - The security of Windows 8 picture passwords might not be as weak as some recent headlines indicate, and there are ways to maximize how hard they are to crack, researchers say.
Unlocking a Windows 8 machine by tapping points, circling objects and drawing lines over an image on a touchscreen is no less secure than using a four-digit PIN to secure a cell phone’s SIM card, says Sophos researcher Paul Ducklin on the NakedSecurity blog.
And by following advice issued by Microsoft itself, picture passwords can be made significantly more secure.
The issue came up when researchers at the Usenix Security Symposium proposed a scheme improving attackers’ odds of defeating the picture passwords, and flashy headlines about the paper said the research found that picture passwords were easily cracked.
Picture password security admittedly can be not-so-great, Ducklin notes, depending on how many gestures are used and how many points of interest the security picture contains. A point of interest is an area in a picture, such as a face, animal or building, that people may commonly choose to include in the password by tapping it, circling it or drawing a line to it.
Microsoft has developed a formula for figuring out how many possible passwords can be squeezed out of a single image based on the number of gestures and points of interest: $(m \cdot (1 + 2 \cdot 5 + (m - 1)))^n$, where m is the number of points of interest in the photo and n is the number of gestures in the picture password. So more points of interest in the picture, and particularly more gestures, can significantly increase the number of possibilities and hence the security.
Also, the types of gestures chosen can increase the difficulty of mimicking them. A circle is more difficult than a tap and a line is more difficult than a circle, Microsoft researchers say. So a password with five gestures, all taps, would be easier to guess than one with five gestures, all lines.
To discourage brute force attacks against picture passwords, the system defaults to a traditional text password after five failed attempts with gestures.
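The formula and the five-attempt fallback described above can be put side by side with the four-digit PIN comparison. The following Python sketch is an added example, not code from Microsoft or the researchers; its function names are hypothetical, and it assumes every gesture combination is equally likely to be chosen, which is the best case for the defender.

```python
import math

MAX_GESTURE_ATTEMPTS = 5   # per the article: text password required after five failures
PIN_SPACE = 10 ** 4        # four-digit PIN, the comparison cited in the article


def picture_password_space(m: int, n: int) -> int:
    """Possible picture passwords for m points of interest and n gestures,
    using the formula quoted in the article: (m * (1 + 2*5 + (m - 1))) ** n."""
    if m < 1 or n < 1:
        raise ValueError("m and n must both be at least 1")
    per_gesture = m * (1 + 2 * 5 + (m - 1))
    return per_gesture ** n


def lockout_guess_probability(space: int,
                              attempts: int = MAX_GESTURE_ATTEMPTS) -> float:
    """Chance that `attempts` distinct guesses hit the password before the
    fallback triggers, assuming a uniformly chosen password (an assumption)."""
    return min(attempts, space) / space


def min_gestures_to_match(m: int, target_space: int) -> int:
    """Smallest gesture count n whose password space reaches target_space."""
    n = 1
    while picture_password_space(m, n) < target_space:
        n += 1
    return n


def summarize(points=(1, 5, 10, 20), gestures=(1, 2, 3)):
    """Rows of (m, n, space, bits of entropy, success chance within lockout)."""
    rows = []
    for m in points:
        for n in gestures:
            space = picture_password_space(m, n)
            rows.append((m, n, space, math.log2(space),
                         lockout_guess_probability(space)))
    return rows


if __name__ == "__main__":
    print(f"{'m':>3} {'n':>2} {'space':>12} {'bits':>6} {'P(hit in 5)':>12}")
    for m, n, space, bits, p in summarize():
        print(f"{m:>3} {n:>2} {space:>12,} {bits:>6.1f} {p:>12.2e}")
    for m in (1, 5, 10):
        print(f"m={m}: {min_gestures_to_match(m, PIN_SPACE)} gestures "
              f"needed to reach a four-digit PIN's {PIN_SPACE:,} combinations")
```

Real users do not choose gestures uniformly, so these figures are an upper bound on the protection the formula implies.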
Dubbed Power Cover, the device would contain a battery of its own that would connect via the magnetic keyboard dock, doubling the battery time of Surface Pro. The report says Power Cover doesn’t work with Surface RT.
The new device employs the same typing technology as the current Type keyboard, whose keys actually depress slightly and click when tapped. Microsoft also offers a Touch keyboard that is flat and responds to finger pressure but the keypads don’t actually move.
Power Cover will work with the current Surface Pro, which features power contacts on its docking surface that are not currently used, as well as with the next-generation Surface RT (to be known as Surface 2) and the next-generation Surface Pro (to be known as Surface Pro 2). At 1.1 pounds it weighs twice as much as the current Touch keyboard.
The battery life of the next generation of Surface Pros is likely to improve even without the new keyboard/cover because it will be based on the power-miserly Haswell chip.