North East Bytes - a Microsoft technology usergroup in North East England.


Tuesday, Nov 13, 2012

Win8/RT Tip: Make your Picture Password harder to guess

One of the nice things that Microsoft have done in Windows 8 and RT for people using a touchscreen, like on the Surface, is provide a new way of signing in with a Picture Password. They explain in a comprehensive post how secure it is, but in practice I believe that many users will reduce the level of security by too closely following Microsoft's examples.

What are the chances that a large percentage of Picture Password users select an image of family members or pets, or similar and then create their three gestures by circling heads and drawing dots on, or lines between, noses? With no scientific basis other than the experience I've had of seeing how bad most people are at selecting passwords, I'm going to say it's going to be a significant number.

My solution is actually pretty simple and effective from both an aesthetic and security perspective.

Don't use a single photograph, but instead select 6-10 images of your chosen subjects and then use Microsoft's free Photo Gallery software to create a collage with far more points of interest and more potential points to use in your gestures.

In this case, I'm selecting a few pictures of my son: 

You then go to the Create menu and select Auto Collage (I choose Large Landscape in case I also want to use it as desktop or lockscreen wallpaper).

At this point you'll be asked to name the file that's going to be produced. Now, because it's an auto collage, you don't get any say over the positioning or order of the images so you might not like the result first time round. I removed one of the images from the selection and then created a second collage:

Now, just think of the different number of things that I could circle, or draw points or lines on, in that image. Yet it's still personal to me and it'll be easy for me to remember my own gestures.

I think the images produced by this method make for a really nice looking and more complex picture to use for Picture Password. You could obviously use a different method to produce your own collage where you take more control of it, but I was going for free and easy here.

That said, if you're set on a less complex single image for some reason, please consider how easy your gestures might be to guess. If they were easy for you to think up, they could be pretty easy for someone else to guess in five attempts if they manage to get hold of your device, so put at least one of your gestures in an area of the image that lacks an obvious point of interest.
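To put rough numbers on why more points of interest help, here is an added example (not part of the original post and not Microsoft's published analysis). It counts the gesture sets available to someone who only guesses gestures anchored on obvious points of interest; the three circle sizes, two circle directions and the uniform-choice assumption are all assumptions of this sketch.

```python
import math

# Assumed model: every gesture starts (and, for lines, ends) on an obvious
# point of interest (POI) such as a face. These constants are assumptions.
CIRCLE_SIZES = 3        # distinguishable radii: small / medium / large
CIRCLE_DIRECTIONS = 2   # clockwise or anticlockwise
GESTURES = 3            # a picture password is three gestures
ATTEMPTS = 5            # guesses available, per the article


def gestures_per_slot(pois: int) -> int:
    """Distinct POI-anchored gestures available for one of the three slots."""
    if pois < 1:
        raise ValueError("need at least one point of interest")
    taps = pois
    lines = pois * (pois - 1)   # ordered pair of POIs: direction matters
    circles = pois * CIRCLE_SIZES * CIRCLE_DIRECTIONS
    return taps + lines + circles


def poi_space(pois: int) -> int:
    """Number of three-gesture sequences built only from POI gestures."""
    return gestures_per_slot(pois) ** GESTURES


def guess_probability(space: int, attempts: int = ATTEMPTS) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly chosen secret.

    Uniform choice is the best case for the user: clustering on a few
    favourite spots only raises these odds.
    """
    return min(1.0, attempts / space)


def compare(single_pois: int, collage_pois: int) -> dict:
    """Compare a single photo with a collage under the same model."""
    single, collage = poi_space(single_pois), poi_space(collage_pois)
    return {
        "single_space": single,
        "collage_space": collage,
        "single_bits": round(math.log2(single), 1),
        "collage_bits": round(math.log2(collage), 1),
        "growth_factor": collage / single,
    }


if __name__ == "__main__":
    # Constructed sample: 5 POIs in one family photo, 25 across a collage.
    print(compare(5, 25))
    print("five-guess odds, single photo:", guess_probability(poi_space(5)))
```

Because lines grow with the square of the POI count and three gestures are chained, the guessable space grows roughly with the sixth power of the number of points of interest.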


Reader Comments (2)

Nice idea, although I personally don't think it would be that easy to guess someone's picture password.
I also hate those fuzzy fades around those autocollage images! Picasa has much better collage options IMHO.

How about a page out of your favourite book as an image and you could draw a line through certain words? Or maybe one of those "Alphabet of ..." posters that seem to float around on the internet these days? Lots of combinations in that too.

If I was really clever I'd have a solid colour and just remember where to draw :P

November 14, 2012 | Unregistered Commenter @thommck

Picasa is another good option, Thom - I was just using what I already had installed. I will say that on the image that I'm actually using as my picture password, Photo Gallery has done a much better job of the edges - in one case it blends at the point where there's a cloud of smoke that surprised me with its artistic nature - I don't know whether that's down to a clever algorithm or a fluke, but it works really well.

A page of a book or alphabet would be a good choice too. I actually think that a solid colour is less good an idea because smudges will be more easily visible. I know that smudges are masked during normal use, but I've lost count of the number of times (during meetings/presentations/etc) that I've unlocked a device only to glance at the screen and not otherwise used it until it needed unlocked again (and again).

My aim with this was to get people to think outside of the examples that Microsoft provide. When I first set up my Picture Password, I set it to something so similar to the demos that I'd seen that when I thought about it twice, I knew that a) I should probably pick something different, and b) a lot of other people will likely do something very similar.

You're right, and Microsoft show mathematically, that it shouldn't be very easy to guess a picture password. It wouldn't be especially easy to guess my normal password; but that doesn't mean that I couldn't, or shouldn't, make it even harder to crack! :-)

November 15, 2012 | Registered Commenter jonoble
