Windows 8 picture password

Windows 8 introduces significant changes to the operating system’s graphical user interface and platform; such as a new interface design incorporating a new design language used by other Microsoft products, a new Start screen to replace the Start menu used by previous versions of Windows, a new online store that can be used to obtain new applications, along with a new platform for apps that can provide what developers described as a “fast and fluid” experience with emphasis on touchscreen input.

However one of its best feature is Picture Password. So What is this Picture Password and new Password Management Tool in Windows 8.

Days are gone where we have to manually type passwords, remember those passwords which are very difficult to memorize when we change them frequently. For security reasons we include special symbols, digits and what not in our password.

Windows 8 introduced an innovative way to login to your computer. Picture Password, the all new password management tool from Windows 8. All we need to do is to record some gesture on the picture and it will be saved as the password to login to the system. Generally it is easy to memorize the gesture compared to the complex passwords.

Even bruteforce attack can not crack this kind of gesture used for password. Microsoft says “Picture Password is a new way to help you protect your touchscreen PC”.

We can choose our own picture and create gestures for password. It is uniquely ours. Once the picture is selected, draw different combinations of circles, straight lines,  taps. The size, position and the direction of your gestures become part of your picture password.

How it works

Once you have selected an image, it is divided into a grid. The longest dimension of the image is divided into 100 segments. The shorter dimension is then divided on that scale to create the grid upon which you draw gestures.

To set up your picture password, you then place your gestures on the field  created. Individual points are defined by their coordinate (x,y) position on the grid. For the line, starting and ending coordinates are recorded, as well as the order in which they occur. The ordering information is used to determine the direction the line was drawn in. For the circle, a center point coordinate , the radius of the circle, and its directionality are recorded. For the tap,coordinate of the touch point is recorded.

When you attempt to sign in with Picture Password the gestures you provide is evaluated, and compared with the set to the gestures you used when you set up your picture password. Difference between each gesture and is analyzed and it is decided whether to authenticate you based on the amount of error in the set. If a gesture type is wrong—it should be a circle, but instead it’s a line—authentication will always fail. When the types, ordering, and directionality are all correct, it is determined at how far off each gesture was from the ones seen before, and decide if it’s close enough to authenticate you.

As an example, let’s take a look at the tap gesture. The tap is the least complex of the three gestures both in number of unique permutations and in the subsequent analysis. When considering whether the spot that you’ve tapped matches a reference spot, our scoring function compares the distance between the gesture you recorded as part of your picture password and the one that you just performed. The score decreases from 100% for a perfect match to 0% when sufficiently far away. Points match when the score is >= 90%. Here is a visual representation of the scoring function for a point in the immediate vicinity of a 100% match.

The area that is scored a match is a circle of radius 3. For any specific tap, a total of 37 (X,Y) locations will return a match.