Microsoft today revealed more details on its picture password sign-in feature that will be native to Windows 8. The feature is more geared towards the tablet interface as it requires touchscreen functionality. It’s been available in the Windows 8 Developer Preview and now we get a more in-depth look at how secure it is and how it was built.
The picture password feature has two main steps to logging in. First, you must select a picture of your own instead of a stock image provided by Microsoft and then you will indicate a set of gestures in relation to points on the image that you would repeat to sign in.
These gestures will take into account the shape, the start and end points, as well as the directionality. However, the shapes and gestures are limited to tapping and tracing a line or circle. Microsoft found that limiting the gestures improved the speed of sign-ins by three times compared to allowing freeform methods.
Incorrect gestures will always deny a login, but there is some tolerance. Five unsuccessful attempts will lock out the PC until you can log in with a plain text backup method. For extensive details on how it works, you can visit Microsoft’ Building Windows 8 blog post here.