Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Problem With Windows 8's Picture Password

Posted by timothy on from the guy-with-a-video-camera-also-a-threat dept.

alphadogg writes "The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. 'It's cute,' says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. 'I don't think it's serious security.' The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance — making it relatively easy to compromise, he says."

53 of 206 comments (clear)

  1. Video?! by Anonymous Coward · · Score: 5, Interesting

    Just look at the greasy finger marks

    1. Re:Video?! by pclminion · · Score: 5, Interesting

      Right. Because other than logging in, nobody ever touches the screen of their touchscreen device. Furthermore, typing a password on a touchscreen keyboard doesn't leave smudges that could be seen by anyone... Come on dude.

      I actually have a BUILD tablet (the ones MS handed out in September) and I use the picture login. It keeps the tablet private enough for my purposes. Of course, my password is to simply triple-tap on a particular spot on the image, so it doesn't leave a grease trail that stands out, particularly.

    2. Re:Video?! by adonoman · · Score: 4, Insightful

      Even in the worst-case scenario where the computer was used for nothing but logging in with the picture password, the math works out that it's still more reliable than the 4-digit pin that many other devices use.

    3. Re:Video?! by hawguy · · Score: 5, Interesting

      Even in the worst-case scenario where the computer was used for nothing but logging in with the picture password, the math works out that it's still more reliable than the 4-digit pin that many other devices use.

      I'm not so sure I trust the math, since the math is only part of the equation. (no pun intended...well, maybe it was)

      They claim that a 3 tap password has 2.7M combinations, but that's only true if each of the coordinates on the screen was equally likely to be tapped.

      But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.

      Likewise, instead of a single line resulting in 1,949 unique gestures, in reality there are only 6 likely candidates. (and I bet most of the time if I draw the line from the face of the guy holding the dog's leash to the dog, then I'll have guessed correctly)

      Sure, someone may decide to tap on the lower left corner of the blank wall to make their passcode more secure, but the average person will probably stick with the faces.

    4. Re:Video?! by Electricity+Likes+Me · · Score: 3, Insightful

      Its not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.

    5. Re:Video?! by FrootLoops · · Score: 2

      You'd need to do some studies to see how non-uniform combination probabilities are. Asserting without proof that most people will choose easy-to-guess gestures is just as fallacious as just giving the number of unique combinations (which does not change) without discussing the underlying probability distribution.

    6. Re:Video?! by Anonymous Coward · · Score: 4, Insightful

      As someone who has owned several touch-screen devices over the last decade, I've noticed that it's a common occurrence for the oil on fingers to accumulate in a tell-tale trail on the screen if you're often swiping a particular pattern. It's the primary reason I switched to a numeric pin rather than the pattern-based authentication on my Android phone. Doesn't seem to happen with taps as it does with swiping.

    7. Re:Video?! by rsborg · · Score: 4, Insightful

      Just look at the greasy finger marks

      You know, the OS could mitigate this quite easily by moving around the picture, reorienting or rotating it. This would eliminate the benefit of muscle-memory, but allow it to be more secure.

      --
      Make sure everyone's vote counts: Verified Voting
    8. Re:Video?! by peragrin · · Score: 4, Informative

      you must not use finger touch tablets very often.

      I can always tell when someone plays a certian game on my phone, ipad, nook color. why? because the oils streaks have a pattern to them. certain games leave specific patterns. you may not know which is the begining. but if 1/3 the screen doesn't have any oil on it then those parts are ones you dont' have to think about.

      Take a standard password of 12 keys. Now with a glance eliminate 75 out of 101 keys on the keyboard. It becomes a whole lot easier to brute force now.

      --
      i thought once I was found, but it was only a dream.
    9. Re:Video?! by KlomDark · · Score: 3, Insightful

      Yeah, you can do that on a computer with a REAL screen, not those little iToys that all the cool kids have to carry around with them these days.

      Can't wait for this fad to die down a bit so we can quit hearing all these retarded stories about "The Desktop Computer is DOOOOOOMMMEEEDD!" all the time.

      Sure, it's eventually doomed, but not for a long time still. There are so many things that I do on a triple headed desktop that I would never want to attempt on a mobile or pad. (Coding, taxes, etc.) And some things are more convenient on a mobile device. (Driving directions, reading the news over lunch, etc.)

      CricKet MessageMate II WTF! ;)

    10. Re:Video?! by Mia'cova · · Score: 4, Informative

      The math used for comparison typically assumes that there are 10 points of interest in an image. Obviously there's a range depending on the image but most have at least 10. Just don't use Japan's flag as your image and you should be okay. Since lines are directional, when you say 6 likely candidates for lines, that works out to three points of interest: A->B, A->C, B->A, B->C, C->A, C->B. So that really isn't true at all.

      The meaty bit at the end of their math is this: "Assuming the average image has 10 points of interest, and a gesture sequence length of 3, there are 8 million possible combinations, making the prospect of guessing the correct sequence within 5 tries fairly remote."

      The table at the bottom is good to look through.
      http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx

      Bottom line, for 3 gestures on a typical image, 8 million > [10,000 to 1,000,000] (possibilities for a 4 to 6-digit pin, the valid comparison for this)

    11. Re:Video?! by Anonymous Coward · · Score: 2, Informative

      without proof that most people will choose easy-to-guess gestures is just as fallacious as just giving the number of unique combinations

      Considering the amount of evidence out there proving that, left to their own devices, a large majority of people already use easily guessable passwords (NYT, 2011 Worst Password Study, and on, and on...), this isn't a stretch at all.
      In fact, your non-logic deserves a spanking considering how easy a simple web-search is on this subject. Try a little harder next time.

    12. Re:Video?! by swalve · · Score: 2

      Or they could do what non-idiotic security systems have been doing forever, and mix up the order of the pictures each time. Or use three pictures, and use a different pool of pictures for each "keypress". Once a user selects their first image, the screen redraws and displays a new set of pictures to choose from.

    13. Re:Video?! by cbhacking · · Score: 3, Interesting

      The portion of the picture that is shown for Picture Password is cropped and moved around the screen, specifically to mitigate a "smudge attack".

      --
      There's no place I could be, since I've found Serenity...
    14. Re:Video?! by Anonymous Coward · · Score: 2, Informative

      i take it you haven't tilted your touchscreen to see the smooth path that is worn in at the most used points on the screen.

      This is a problem with androids pattern lock and the screen protector film overlays.

      Over time, the film develops a smoothness along the path where you're finger glides in order to trace out the lock pattern.

      guessing someones lock pattern is simple as tilting the device to make light reflect in a way that reveals the differences in roughness on the screen protector film.

    15. Re:Video?! by pruss · · Score: 5, Informative

      There is still the question of getting the swipes in the right order.

      When I wrote a PictureLogin beta app for Palms (back in 2007; no, it's not prior art for the MS patent, as it was tap-only rather than swipe), I made PictureLogin act as a quick login screen, with an immediate fallback to the default passkey login if it failed. It would be very unlikely an attacker would get in on the first try, but it would allow users to have a very fast login with as few as two taps, or maybe even with only one if one was willing to take a risk. That would also help with the fingerprint problem. I think I was also thinking about some security-by-obscurity options, such as a user using some fake form as their PictureLogin image, so that someone who stole or found the device would not know that it's actually a PictureLogin login screen. You turn it on, and you see some normal Palm screen. You tap once or twice in the right place(s) and you're in, and you tap even once in the wrong place and fall back. I never got around to a full release of PictureLogin, though the code is open source.

    16. Re:Video?! by mysidia · · Score: 4, Interesting

      Its not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.

      So don't just have them tap on parts of a photo. Present a display showing 255 photos, each arranged into a little icon. And ask the user to "touch" the right icon.

      Once they've touched the first photo, show another display of 254 more photos, the photo they picked before can no longer be picked.

      After the user's chosen four different photos, from four disjoint lists of 255 photos, show a fifth photo that is algorithmically derived from their previous two choices.

      Their previous four choices combined with the points on the photo they select, form a password that is much more secure than what the average person uses and can remember as a password.

      there were at least 255 * 254 * 253 * 252 (4 billion) possible choices of photos they can pick, if the order of selection matters, and then after you add the unique points they chose on the fifth photo.

      You have a password that is much better than the person's daughter's name, or their middle name + phone number

    17. Re:Video?! by Maow · · Score: 2

      Just look at the greasy finger marks

      I wish my Android swipe-unlock-pattern would present itself at different locations on the screen so the unlock swipe pattern would be more randomised.

      Hey, I should patent that!

  2. Passwords susceptible to surveillance, more at 11. by Anpheus · · Score: 5, Insightful

    Surely an accomplished individual like him could put out a serious paper on why picture passwords aren't good security, if they aren't. The math seemed alright in the Microsoft blog, so I don't know what the problem is.

    Oh, I know what it is, he's the head of a company that offers alternative security products that use multi-factor authentication. *Of course* well implemented multi-factor auth is more secure than single-factor, but if he weren't in charge of a company trying to sell a product, would this article even exist? Probably not.

  3. In other news by Anrego · · Score: 4, Insightful

    The lock on your diary offers little protection from a skilled locksmith most can be opened with a simple bent piece of metal.

    If you have someone following you around with cameras trying to capture your login info to use later when they have physical access to your machine a traditional password probably isn’t going to cut it either. This provides the same kind of “guy walking by” protection as traditional passwords do. Ok, maybe less.. but still. Maybe this will actually push people towards more secure auth for serious things by highlighting how insecure a basic password is.

    All that said, I think it’s a pretty stupid feature ;p

    1. Re:In other news by mrclisdue · · Score: 4, Funny

      All that said, I think it’s a pretty stupid feature ;p

      Ah, but if you imagine goatse as the login photo...how brilliant is that?

      cheers,

  4. Well of course not... by DrEldarion · · Score: 5, Insightful

    Of course it's not "very good" security. Neither is Android's face unlock. Neither are PINs. Neither are passwords. etc. etc. etc.

    The whole point of things like this are that they're better than no security and that people will actually use them. You can have the best security setup in the world, but if users never enable it because it's too much of a pain in the ass, then it's worthless.

    1. Re:Well of course not... by Opportunist · · Score: 5, Insightful

      I dare to disagree. Bad security can actually be worse than no security. For more than one reason.

      First, the obvious one: People rely on security and act as if they're protected even though they are in fact not.

      The less obvious one is that a faulty and flawed security mechanism actually offers another attack vector. To use an example from a real security problem, imagine a door without a lock and no handle, opening to the outside. Without handle or lock, the door cannot be opened from the outside, since there is no way for you to pull at it, and pushing it won't do you no good. And a good, solid oak door is quite hard to bash in. Add a lock and you not only offer a point where an attacker can actually put a hook, you also have to weaken the door to apply the lock. If the lock is now flawed and easy to pick, you actually lowered the security of the door by adding a lock.

      It's the same with flawed IT security mechanisms.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Well of course not... by AngryDeuce · · Score: 3, Insightful

      Exactly. The weakest point in any security system will always be the user, and unfortunately, the user is the hardest weakness to combat.

      Consider forcing password changes at certain intervals: 99% of the time, the new password is the same as the old one with a variation of a single character; e.g., "Flower" becomes "Flower1". Then, next time there's a forced password change, they just set it right the hell back to "Flower", or go up to "Flower2".

      Then there's the systems where the password is provided, usually gibberish alphanumeric of a certain character length. Nobody can remember that shit, so what does everyone do? Write it the hell down somewhere, or store it in a text file; usually fucking called "Passwords", because people are retards.

      No matter how elaborate your security is, the user will find a way to fuck it up. A door won't be closed, a document won't be shredded, a workstation won't be locked, a security protocol won't be followed, and it's always for the sake of the user's convenience. The more of a pain in the ass it is, the more likely it will be compromised by laziness on the part of the user. That's just how people are; not all of them, but a lot of them.

      I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.

    3. Re:Well of course not... by bherman · · Score: 5, Insightful

      Taking your analogy a bit further..... While you may have a more secure door without the lock, you also have what is commonly referred to as a wall. Without a way to use the door it is no longer serving it's intended purpose. The most secure computer is one that is not on a network and cannot be physically accessed. Once you actually need to access it you are now weighing the tradeoff between usability and security. The picture password is intended to provide a way for users who wouldn't otherwise protect their device with a low impact way of doing so.

      --
      Error: Sig not found.
    4. Re:Well of course not... by Endo13 · · Score: 3, Insightful

      Your door analogy is fundamentally flawed, because the user has to get in some way, otherwise the house (or PC) is useless. The same applies to both. On the house, sure that particular door is difficult to break into because you can't open it from the outside. But somewhere on another wall there's another door that can be opened from the outside, and will have traditional security measures.

      That's the whole point of security - to allow authorized entry while making it difficult for unauthorized entry. Your suggestion of making entry impossible is mind-bogglingly stupid in this context.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    5. Re:Well of course not... by ghostdoc · · Score: 4, Insightful

      That's just how people are; not all of them, but a lot of them.

      I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.

      Since clearly most people are not retarded, but are using the system as if they are retarded, then the system is the problem. Blaming the users is pointless, you're not going to get better human beings to use your system, so you've got to change the system.

      As XKCD and many others have pointed out, we have a pointlessly hard method of specifying passwords...if it's 'strong' it can't be easily remembered, and will be written down or re-used on multiple occasions. If it's easy to remember then it's easy to guess. In other words, we have a system that is easy for computers to implement, but hard for humans to use.

      There must, surely, be better ways of doing this that work with the way the human brain works to encourage stronger security. After all, it's a lot easier to change the security implementation than it is to change the human brain. We need to find a better system and not just stick with the current broken one and blame the users for being retards.

      I'm glad someone is trying something different that might make security better.

      --
      Business/App ideas are like arseholes: everyone's got one, they're mostly shit, but very rarely they contain a diamond
    6. Re:Well of course not... by bigstrat2003 · · Score: 2

      Since clearly most people are not retarded...

      Excuse me, but that is not clear at all.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    7. Re:Well of course not... by cbhacking · · Score: 2

      Also, you're clearly not thinking about it enough. A suction cup will easily allow you to pull the door toward you. Security through obfuscation ("I can't figure out how to pull this door open, there's no handle!" or "I can't figure out how to decrypt this file; it's a custom crypt algoritm!") is about as useful as its name sounds. Anybody who bothers to really try will probably find more weaknesses in the method you used than in the well-known and widely-tested techniques.

      --
      There's no place I could be, since I've found Serenity...
  5. It also leaves smudges by Piata · · Score: 3, Insightful

    I could unlock my friend's Android phone just by studying the smudge patterns on the touchscreen. I imagine this would be just as easy.

  6. Re:Another problem by adonoman · · Score: 4, Informative

    Then you can use the actual password on the on-screen keyboard. The picture password is just an optional convenience feature.

  7. I seem to recall an old standard . . . by mmell · · Score: 5, Insightful
    "Something you have, something you know and something you are. Pick two out of three."

    Hence, RSA tokens + passwords (something you have + something you know)

    Smart cards + biometrics (not perfect, but something you have + something you are)

    Or even all three, for the truly paraniod (smart card + biometric scan + password)

    Even with all three, a sufficiently determined entity with sufficient resources can overcome it. Video recording + physical acquisition of the owned object + physical acquisition of the biometric object (hope it's just a fingerprint scan and not a retinal scan!) will get an intruder past the security trifecta.

    What next, DNA + mind scan + a password > 512 bytes?

    1. Re:I seem to recall an old standard . . . by Anrego · · Score: 5, Insightful

      It has to scale to the requirement for security.

      My slashdot account doesn't need three factor authentication, however I wish my bank would have at least 2 (seriously, I've yet to find any banks in Canada, let alone my province (Nova Scotia) that offer something beyond a password. The hell!).

  8. Re:Passwords susceptible to surveillance, more at by Anonymous Coward · · Score: 2, Informative

    Here are the links to the relevant Microsoft blog posts:
    http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx
    http://blogs.msdn.com/b/b8/archive/2011/12/19/optimizing-picture-password-security.aspx

  9. Windows 8 security sucks, but... by HideyoshiJP · · Score: 5, Funny

    For only $99.95, you can buy our three factor authentication software for one year! That's right, keep criminals from stealing your digital camera pictures of your cat for a nominal fee! I'm willing to bet this picture security is no less secure than typing on a keyboard that's visible on the screen and combining it with the screen smudges. Domains probably won't use this authentication anyway, or at least it'll be optional.

  10. How many memorable ways can one gesture a photo? by DanLake · · Score: 5, Funny

    So QUERTY becomes "Head, Shoulders, Knees and Toes". I'm guessing in many cases that the picture itself would suggest how it was to be interacted with.

  11. Re:Another problem by Capt.DrumkenBum · · Score: 3, Informative

    The WILL forget their password. We have laptops here with fingerprint scanners. Everyone who uses the scanner (optional) has forgotten their password.

    --
    If I were God, wouldn't I protect my churches from acts of me?
  12. Re:Passwords susceptible to surveillance, more at by Baloroth · · Score: 3, Informative

    "Good" is in this case equivocal. Are picture passwords highly secure? Probably not. SO they aren't very good in that sense. Are they easy to use and secure enough for most purposes? Yes, making them extremely good for the average user. Which makes them better security in many ways than multi-factor authentication, which would be absurd for a tablet device that isn't carrying top-secret documents. As people have pointed out many times, complex security often ends up being less secure, as the user has to find ways of remembering long passwords, gets sick of the wasted time and just used "1234" for the both of the redundant passwords, or just turns off the security as soon as they can or ignores it entirely (Windows UAC under Vista).

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  13. Only reliable for hackers, not users? by jelwell · · Score: 2

    Has he even tried this? I can't reliably login using the picture password setting, and I'm the one that set up the "password". I'm not convinced a video recording would suffice. I could, just as easily, video record your keyboard from a distance, but that's not going to net you my password very reliably either. Not unless you're a chicken pecker.
    Joseph Elwell.

  14. What really makes that method bad by Opportunist · · Score: 3, Informative

    You remember the passwords of the old days that your users had? That were the names of their loved ones, their birthday or the ever popular "test", "password" and "12345"?

    Guess what, they'll get a revival. For the same damn reason: People have no idea about security and they don't give a fuck about it. They prefer easy to remember passwords to secure ones. Just that with picture passwords, unlike standard typed ones, it's kinda hard to implement password security standards.

    Why it's more insecure than typed passwords? Well, take your average photo. Now imagine what 4 points a person might be touching in it. Can you spot more than 6 "sensible" spots? People will choose points in the picture that stand out, and there won't be many more than 4-6 points that stand out. Unless some kind of 3-strikes-rule gets implemented (not bloody likely on a private computer, or even corporate computers after helpdesk had to reset the password for the n-th time because people failed to hit the right spot on their picture), it just takes rather few attempts at "connect-the-dots" before you find one that fits.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Re:How many memorable ways can one gesture a photo by Anonymous Coward · · Score: 5, Funny

    How the hell do you typo QWERTY?

  16. Re:Unlike any other authentication... by Fluffeh · · Score: 3, Insightful

    The interesting thing to me is that on a photo there would be obvious "points of interest". If you had a picture of a few friends, you would likely use their faces as touch points. If you had a picture of a hillside with some houses, those would likely be the points that get touched. Don't get me wrong, I like the idea of this rather novel password concept, but I think that in terms of security (at least for the most part) that any photo would have obvious points that narrow down the possibilities.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  17. Re:Unlike any other authentication... by Anonymous Coward · · Score: 3, Funny

    If you had a picture of a few friends, you would likely use their boobs as touch points. FTFY

  18. The same RSA token that was hacked this year? by PNutts · · Score: 2

    To be fair he *is* an expert in poor security.

  19. Re:Another problem by qbast · · Score: 5, Insightful

    - Hey, give it back your bastard! Eh, at least he is not going to get any of my secret data - it is fingerprint protected!
    - What are you doing with this knife?! Aaaaaaaargh...
    - You sick fuck! And what makes you so sure I use right index finger anyway? No, wait, this was just a joke!
    - Omg, he has an axe too ... Leave me at least left hand, pleeaseee!
    - Well, I can't use fingerprint scanner anymore so I will get a laptop with iris scanner. What could go wrong?

  20. Re:How many memorable ways can one gesture a photo by doshell · · Score: 2

    I do not use a QWERTY keyboard, you insensitive clod!

    --
    Score: i, Imaginary
  21. Re:How many memorable ways can one gesture a photo by DanLake · · Score: 3, Interesting

    How the hell do you typo QWERTY?

    Good question and thank you kind AC for pointing it out. I guess it happened because my fingers don't willingly type misspelled words and I type 'query' about a million times more often than I type qwerty.

  22. Re:comment from the article by Hooya · · Score: 2

    The "things" that matter the most to me, my most valuable "things", are protected by a flimsy wooden door with easily breakable hinges and easily pickable locks - my wife and kids. I would think if you apply your logic, then unless your wife and kids were locked up in a vault in, say, fort knox, you would consider it unsecure?

    My point being that it's a risk/reward thing. If you have something on your tablet that needs 3 factor authentication, you would have 3 factor authentication. But not everything needs 3 factor authentication. I don't need to lock up my family in fort knox. Just like I don't need what I have on my tablet to be protected by a 3 factor auth.

  23. Re:How many memorable ways can one gesture a photo by mabhatter654 · · Score: 2

    That could work if you had pictures with multiple objects. Something like cat-ball-car ... But you would need some crowd sourcing to generate the data. Or use something like Settlers of Cattan pieces, or Magic the Gathering cards. Click 3 roads or 5 mana symbols.

    Bonus points if you built a modular system.. So people can make their own image packs... Allowing for more "inside jokes".

  24. hmm by stevenfuzz · · Score: 3, Insightful

    Wouldn't it be prudent for the inventor of "RSA's SecurID token" to say that basically any security system other than his is ineffective?

  25. Re:You assume that designers are idiots by hawguy · · Score: 3, Insightful

    But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.

    In that case... don't choose an photo of 2 people and a dog.

    What you're saying is "This system has very poor security, if they choose the pictures poorly and each picture has very few probable combinations". Pretty obvious answer is: Don't choose such pictures. I'd guess that before they choose a picture for this purpose, they do some testing on what kind of patterns people use and discard the pictures where there is too little distribution. Of course, users may always use the most obvious pattern and they might be able to choose a picture themselves and use too simple picture... but users can also choose very stupid passwords.

    That's my point exactly - in the lab, I'm sure this is a very secure system and can be made to be much more secure than a traditional passphrase. But in the real world, people see security as something that gets in the way, so they choose something easy to use, not something secure, so this ends up being not any more secure than any other system.

  26. Here is how you make it more secure by DrXym · · Score: 3, Interesting
    1. Make the picture fairly small so people are not using pronounced movements to draw on it. i.e. don't fill the screen with the picture, use a part of it so the gestures are smaller.
    2. Distort the picture, e.g. scale, rotate, shear and offset by some random percentage each time so even if you observe the gesture or the smears on screen you cannot exactly reproduce them the next time. Apply a transform to turn the gesture back into coords relative to the original picture.
    3. Go one further and break the picture up into 8 or 9 pieces and while maintaining their relative position offset them from each other by some random spacing.
    4. Don't let users pick the picture. Ship some interesting pictures with lots of points of interest to minimize the chances someone could guess them.
    5. Provide a fallback mode that uses a password

    All of these would help secure picture passwords and protect against snoopers.

  27. Re:You assume that designers are idiots by neokushan · · Score: 2

    MS addressed the insecure picture idea in one of their blog posts. It's insecure if you have only one or two points of interest, but with 3 or more the security goes up quite a bit because each of the POI's has numerous things that can be attributed to them - taps, swipes from one to another in either direction and different sizes of circles. Then you have to get the order right on top of that. Yes, there are other issues for sure (Smudges, etc.) but the points of interest one isn't actually that bad.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill