The Problem With Windows 8's Picture Password
alphadogg writes "The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. 'It's cute,' says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. 'I don't think it's serious security.' The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance — making it relatively easy to compromise, he says."
All that said, I think it’s a pretty stupid feature ;p
Ah, but if you imagine goatse as the login photo...how brilliant is that?
cheers,
For only $99.95, you can buy our three-factor authentication software for one year! That's right, keep criminals from stealing your digital camera pictures of your cat for a nominal fee! I'm willing to bet this picture security is no less secure than typing on a keyboard that's visible on the screen and combining it with the screen smudges. Domains probably won't use this authentication anyway, or at least it'll be optional.
So QUERTY becomes "Head, Shoulders, Knees and Toes". I'm guessing in many cases that the picture itself would suggest how it was to be interacted with.
How the hell do you typo QWERTY?
If you had a picture of a few friends, you would likely use their boobs as touch points. FTFY