Windows 8 will include new log in protection
Chris - December 20th, 2011 2:54 PM
Using Windows 8 devices could include signing onto the operating system by tapping, circling or touching pictures.
Similar to the log in patterns by Android, Microsoft has revealed details of a login system for the next version of Windows based around pictures a user stores on a touchscreen device.
Only when certain parts of an image are tapped or touched in the right order will a user be able to access a device.
Experts have said it may hinder people using weaker passwords but could lead to other loopholes that are harder to solve.
Microsoft published the idea of using images to sign on to a device via a blog written by engineers working on Windows 8 – the next version of the Windows operating system expected to be released next year.
Windows 8 is designed for touchscreen devices such as tablets and the novel sign-on systems makes use of the sensitive displays they are likely to sport. It suggests Windows is moving further away from the traditional keypad approach and creating a system that fully relies upon the touch.
The replacement system proposed by Microsoft includes a picture chosen by a user from their array of images on the device.
On this image, users will be encouraged to tap on, underline or circle the parts that are important to them. The sequence of gestures, including start and end positions and orientation act as a key to unlock the device.
Graham Cluley, senior security researcher at Sophos, said the research was “interesting and cute” but may introduce other security problems.
It could, he said, make people vulnerable to “shoulder surfing” – a practice better known from cash machines where crooks try to spot a victim’s Pin as they tap it into a number pad.
“With normal password entry, what you’re doing is asterisked on the screen,” said Mr Cluley. “With this gesture input, folks may find it easier to see the movements you are making.”
There might be more value in operating systems encouraging people to use stronger passwords by refusing to let them use dictionary words or ones that are easy to crack, he added.