Slashdot Mirror


The Problem With Windows 8's Picture Password

alphadogg writes "The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. 'It's cute,' says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. 'I don't think it's serious security.' The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance — making it relatively easy to compromise, he says."

7 of 206 comments

  1. Passwords susceptible to surveillance, more at 11. by Anpheus · · Score: 5, Insightful

    Surely an accomplished individual like him could put out a serious paper on why picture passwords aren't good security, if they aren't. The math seemed alright in the Microsoft blog, so I don't know what the problem is.

    Oh, I know what it is, he's the head of a company that offers alternative security products that use multi-factor authentication. *Of course* well implemented multi-factor auth is more secure than single-factor, but if he weren't in charge of a company trying to sell a product, would this article even exist? Probably not.

  2. Well of course not... by DrEldarion · · Score: 5, Insightful

    Of course it's not "very good" security. Neither is Android's face unlock. Neither are PINs. Neither are passwords. etc. etc. etc.

    The whole point of things like this is that they're better than no security and that people will actually use them. You can have the best security setup in the world, but if users never enable it because it's too much of a pain in the ass, then it's worthless.

    1. Re:Well of course not... by Opportunist · · Score: 5, Insightful

      I dare to disagree. Bad security can actually be worse than no security. For more than one reason.

      First, the obvious one: People rely on security and act as if they're protected even though they are in fact not.

      The less obvious one is that a faulty and flawed security mechanism actually offers another attack vector. To use an example from a real security problem, imagine a door without a lock and no handle, opening to the outside. Without a handle or lock, the door cannot be opened from the outside, since there is no way for you to pull at it, and pushing it won't do you any good. And a good, solid oak door is quite hard to bash in. Add a lock and you not only offer a point where an attacker can actually put a hook, you also have to weaken the door to fit the lock. If the lock is now flawed and easy to pick, you have actually lowered the security of the door by adding a lock.

      It's the same with flawed IT security mechanisms.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Well of course not... by bherman · · Score: 5, Insightful

      Taking your analogy a bit further... While you may have a more secure door without the lock, you also have what is commonly referred to as a wall. Without a way to use the door, it is no longer serving its intended purpose. The most secure computer is one that is not on a network and cannot be physically accessed. Once you actually need to access it, you are now weighing the tradeoff between usability and security. The picture password is intended to provide users who wouldn't otherwise protect their device with a low-impact way of doing so.

      --
      Error: Sig not found.
  3. I seem to recall an old standard . . . by mmell · · Score: 5, Insightful

    "Something you have, something you know and something you are. Pick two out of three."

    Hence, RSA tokens + passwords (something you have + something you know)

    Smart cards + biometrics (not perfect, but something you have + something you are)

    Or even all three, for the truly paranoid (smart card + biometric scan + password)

    Even with all three, a sufficiently determined entity with sufficient resources can overcome it. Video recording + physical acquisition of the owned object + physical acquisition of the biometric object (hope it's just a fingerprint scan and not a retinal scan!) will get an intruder past the security trifecta.

    What next, DNA + mind scan + a password > 512 bytes?

    1. Re:I seem to recall an old standard . . . by Anrego · · Score: 5, Insightful

      It has to scale to the requirement for security.

      My Slashdot account doesn't need three-factor authentication; however, I wish my bank would have at least 2 (seriously, I've yet to find any banks in Canada, let alone my province (Nova Scotia), that offer something beyond a password. The hell!).

  4. Re:Another problem by qbast · · Score: 5, Insightful

    - Hey, give it back, you bastard! Eh, at least he is not going to get any of my secret data - it is fingerprint protected!
    - What are you doing with this knife?! Aaaaaaaargh...
    - You sick fuck! And what makes you so sure I use the right index finger anyway? No, wait, this was just a joke!
    - Omg, he has an axe too ... Leave me at least my left hand, pleeaseee!
    - Well, I can't use a fingerprint scanner anymore, so I will get a laptop with an iris scanner. What could go wrong?