Password protecting access to Windows user accounts is now the norm, and a variety of other devices – mobiles and tablets, for example – offer other security features such as PIN protection and facial recognition unlocking. Windows 8 enables you to protect your account with a picture password; but is it a good move?
What this means is that you are able to draw shapes, tap or click points, and generally gesture in a particular pattern over an image you have chosen. It’s a feature that has really been designed with touchscreen devices in mind, but there is nothing to stop you from using it with a mouse on a standard PC.
The attraction of a picture password is obvious. To start with, it is a slightly more ‘fun’ way of gaining access to your account and for anyone who is a slower typist, it may well prove to be a faster means of logging in.
But is the feature all that it’s cracked up to be?
Enabling Picture Passwords
Bring up the Settings charm using whatever method you prefer – hitting the Windows key and I is quickest and easiest – and then click Change PC Settings at the bottom.
Click the Users link in the left hand list and then to the right click ‘Create a picture password’. Before you can continue, you will need to enter your regular password; this helps to prevent other people from causing confusion by changing settings on your behalf. It would not be possible to lock someone out of their account by setting up a picture password, as we will see.
A picture password is meant to be personal – that is the point of it, really – so click ‘Choose picture’ to select the image you would like to use. It is a good idea to choose an image that has fairly obvious, defined shapes or lines in it rather than an abstract picture as you’ll need to be able to remember just where on the picture you need to gesture.
When you have made your selection click ‘Use this picture’ and you will be invited to configure the gestures you want to use. You are limited to using three gestures and you can choose between taps (or clicks) straight lines and circles.
You will have to remember exactly how you performed these gestures. When you draw a circle, or use a line to join up two points on a picture, it’s not enough to know where to draw, the direction also has to be correct. Having configured your three gestures, you will have to repeat them to prove that you have remembered the combination.
Now when you switch on your computer, or activate the Lock Screen, you will have to input your gesture to gain access to your account… or will you?
Limitations and Problems
In theory, using a picture password should be incredibly secure – after all, there are infinite combinations of taps, clicks lines and shapes that you can use – but this is not the reality.
The first thing to bear in mind about Picture Passwords is that they can be overridden. Setting up a gesture-based password does not replace your regular alphanumeric password, and on the lock screen itself there is an option to switch back to the standard login option.
This is not an extra layer of security, merely an alternate means of logging in. With this in mind, picture passwords should be seen as something of an interesting curiosity and a helpful alternative login method rather than something that adds security.
There is an additional problem for touchscreen devices. Tapping and drawing gestures on screen leaves behind oils and other smears meaning that, in the right light at the right angle, it has been suggested that it might well be possible to decode your gestures.
That said, if you have a touchscreen device, you are going to be making other gestures that also leave marks behind, so this is probably not a real cause for concern.
How do you secure your Windows 8 account? Do you stick with a regular password or do you like the idea of picture passwords? Or have you taken things further and installed a secondary authentication device such as a fingerprint reader?
Mark Wilson is a software fiend and a fan of the new, shiny and intriguing. Never afraid to get his hands dirty with some full-scale geekery, he’s always trying out the latest apps, hacks and tweaks. He can be found on Twitter and Google+.
- Published 02/3/13