Microsoft Gives Details On Windows 8 Picture Passwords

Microsoft has revealed more technical information on its upcoming Picture Password feature, arguing it is as secure as conventional techniques

At September’s BUILD conference, Microsoft took an auditorium of developers on a deep dive into the upcoming Windows 8. Among the features revealed in passing was a rather unique way of safeguarding the operating system from unauthorised users: a “Picture Password” that required touching parts of an image in order to move past the initial lock screen.

Now Microsoft is revealing more details about the “Picture Password” sign-in. First, users will choose a personal image; then, a series of gestures (tap, lines, and circles) to “unlock” the Windows 8 interface.

That relatively simple process required a good deal of thought on the part of Microsoft’s engineers, who needed to solve problems such as how much margin of error they’d allow users’ gestures.

Margin of error

“We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in a set,” Zach Pace, a programme manager for Microsoft’s You Centred Experience team, wrote in a 16 December posting on the Building Windows 8 blog. “When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you.”

He also argued that drawing on an image offers security on par with entering numbers and letters into a keypad. Taps, lines and circles on a set grid can translate into billions of possible gesture sets. Moreover, Microsoft is baking additional security measures into Picture Password.

“When you enter your picture password incorrectly 5 times, you are prevented from using the feature again until you sign in with your plain text password,” he wrote. “Also, picture password is disabled in remote and network scenarios, preventing network attacks against the feature.”

In theory, potential thieves would have trouble guessing your Picture Password based on telltale smudges on a screen. “Because the order of gestures, their direction and location all matter,” he added, “it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use.”

Windows Store

Microsoft has revealed several aspects of Windows 8 of late. Earlier in December, it unveiled Windows Store, its long-anticipated applications storefront for the operating system.

In the battle against Apple’s App Store, Microsoft is likely banking on Windows 8 attracting a broad audience of both consumers and business users, which in turn would generate a significant market for everything from games to enterprise applications.

Businesses are a key audience for Microsoft products, and thus a target of the company’s earliest communications regarding its new storefront.

Microsoft has announced that the Windows 8 beta will arrive in February. Unlike previous versions of the operating system with their desktop-style interface, the operating system’s start screen centres on a set of colorful, touchable tiles linked to applications – the better to port it onto tablets and other touch-centric form-factors.

The final version is reportedly due later in 2012.