Mentioned in great detail on the developer blog of the Windows engineering team, Microsoft is working on a method of logging into a computer powered by Windows 8 through a “Picture Password”. Likely designed for touchscreens, users are prompted with a familiar picture of their choice and asked to make a series of finger gestures on the screen to setup password protection. Microsoft recommends that users pick at least three gestures and can choose between a circle, a tap and a line drawn between two points. When a user logs into a Windows 8 machine using Picture Password, they simply have to replicate the correct placement, order and direction of all gestures.
Microsoft dictates the set of three different gestures after research showed that login time was cut from 17 seconds using free form gestures to 4 seconds using preset gestures. Users don’t have to be 100 percent accurate with the placement of the gestures as the image is broken up into a grid and the combination of replicating the three gestures is assigned a percentage score each time the login process is attempted through an algorithm. If the score is 90 percent or above, the user gains access to the system.
Microsoft also outlined how security is increased with the Picture Password method. For instance, if a user creates a six-character text password with at least one uppercase letter and one number, there would be 7 billion combinations available. However, if a user creates a picture password with six gestures using only taps, that number increases to 1.3 trillion combinations. Even further, reducing the amount of gestures to five and including at least one circle and one line gesture within the group increases the number of combinations to approximately 70 trillion. The Windows engineering team has just started building the Picture Password functionality and hopes to include it within the final version of Windows 8 likely released during 2012.
