Windows 8 will let you draw your password

19 Dec 2011

Very soon we will be drawing our passwords. Microsoft’s next operating system Windows 8 will boast new picture password technology on tablet and touchscreen computers, the company has revealed.

“Picture password is a new way to sign into Windows 8 that is currently in the Developer Preview,” Microsoft’s developer chief Steve Sinofsky said in the Building Windows 8 blog.

The new picture password technology lets users draw a pattern around a picture they have chosen. For example, a pattern known only to them can be set on a family photo or a photo of a pet.

Microsoft’s Zach Pace explained that each picture password is comprised of two complimentary parts. “There is a picture from your picture collection and a set of gestures that you draw upon it. Instead of having you pick from a canned set of Microsoft images, you provide the picture, because it increases both the security and the memorability of the password.

“You get to decide the content of the picture and the portions that are important to you. Plus, you get to see a picture that is important to you just like many people do on their phone lock screen.

“Once you have selected an image, we divide the image into a grid. The longest dimension of the image is divided into 100 segments. The shorter dimension is then divided on that scale to create the grid upon which you draw gestures.

“To set up your picture password, you then place your gestures on the field we create. Individual points are defined by their co-ordinate (x,y) position on the grid. For the line, we record the starting and ending co-ordinates, as well as the order in which they occur. We use the ordering information to determine the direction the line was drawn in. For the circle, we record a centre point co-ordinate, the radius of the circle, and its directionality. For the tap, we record the co-ordinate of the touch point.

“When you attempt to sign in with Picture Password, we evaluate the gestures you provide, and compare the set to the gestures you used when you set up your picture password. We take a look at the difference between each gesture and decide whether to authenticate you based on the amount of error in the set.

“If a gesture type is wrong – it should be a circle, but instead it’s a line – authentication will always fail. When the types, ordering and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you,” Pace explained.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years