The problem with using passwords
Microsoft recently noted, “Currently, the most common way people verify their digital identity is by using a password. Passwords are used to sign in to your computer, to your bank, to web merchants, and lots of other places. Our research has shown us that the average person using a PC in the United States typically has about 25 online accounts. That’s a lot to keep track of! In fact, the data also shows that the number of unique passwords across those 25 accounts is only about 6. For folks who spend time thinking about security, that’s a worrisome finding as it shows that the average person reuses the same password quite frequently across accounts.”
Microsoft aims for Windows 8 to be the beginning of the solution, unveiling the complex algorithms behind Picture Password, a feature that lets users sign in with gestures drawn on a picture instead of typing a memorized password.
Using one of your own photos on a touchscreen system, Picture Password prompts you to set up three gestures drawn with a finger, each of which is a tap, a line, or a circle. Once that user-determined combination of drawn patterns is created, signing in requires only a fingertip and no typed password, which Microsoft says is exponentially more secure.
Microsoft limited the gesture types after extensive research, finding that free-form shapes took more time to draw, so the limit is meant to speed up sign-in. The company says it is one of the most secure login processes, even with the allowance for a 10 percent error rate: if you tap just to the left of your saved gesture, it will still be accepted, so cold and shivering users will not be punished for imprecise password entries.
The company wrote, “Although we’re very happy with the robustness of a picture password, we know that there are a variety of businesses for which security is paramount, and anything less than a full password is unacceptable. As such, we’ve implemented group policy that gives a domain administrator the freedom to choose whether picture password can be used. And of course, on your home PC, picture password is optional as well.”