Dec 27, 2011

How much of a security boost will Windows 8's gesture based "password" provide?

The idea of using finger movements to log in to tablet PCs seems interesting, even as it makes me think of something I would see on an old episode of Star Trek. The way it works, as I understand it, is that users choose a photo and then make a series of finger movements like circles and lines on the appropriate place of the photo in a set sequence instead of picking a password. In light of how common the use of "password" is as a password, I can't help but think this will be an improvement to some users. Do you think that it will be a benefit to those of us that use more secure passwords, or is this gesture-based login of primary benefit to those with extremely weak passwords? I mean, sure, my "1234asdf" password is awesome, but.....


Well, I do like the idea of picking out a photo that lets me poke my mother-in-law in the eye then draw a smiley face on myself each time I want to log on. (I kid, I kid, I actually like my mother-in-law). As was noted, there are so many users that have passwords that make me cringe and are so weak they might as well not use one, so ANY improvement will be welcome. I know that some people have concerns that someone could look over your shoulder and memorize login gestures, but I don't see that as being much more of a risk than someone peeking at you type in your password. What I am curious about is whether this gesture-based login will extend to applications, and if so, I think it is a step forward for tablet security.

Well, what's to stop users from using the easiest gestures imaginable? As you pointed out, some people are lazy and use the most obvious things for their passwords. Will there be gesture equivalents of this?

And will there be ways to hack or otherwise get around these gestures? I suspect there will be at some point. So perhaps it will just end up being a moot point as far as long term security goes?

Boy, I sound a bit cynical here, don't I? Heh, heh. Maybe I've been around too long and I just tend to roll my eyes at the latest & greatest security mechanisms. Time will tell on this, I suppose.

But a lazy user is still a lazy user, whether they use gestures or passwords.