PRLog - Oct. 9, 2012 - Breaking new ground, Windows 8 boasts improvements in signing in to the system. The developers have not only made it more secure and faster (especially for touch-screen gadgets), but also more pleasant. It is no secret that the majority of users prefer simple numeric passwords or just do without them all together, thereby increasing the risk of hacking. Windows 8 next generation graphical login is neither time-consuming, nor forgettable. Users select a favorite image from their gallery of photos and a set of gestures, which appear over the image. The password is so personal and perfect for touch-screens, that signing in is even enjoyable.
The picture password is now being tested in the pre-release version for developers. In September, though, some drawbacks of the new authentication method were reported by Passcape Software. The picture password had seemed invulnerable, because whoever tries to guess it must know how and what parts of the image to choose, and in addition, the gesture sequence. However, security experts from Passcape discovered that such a unique password is based on a regular account. A user should first create a regular password-based account and then optionally switch to the picture password or PIN authentication. Notably, the original plain-text password to the account is still stored in the system and any local user with Admin privileges can decrypt the text passwords of all users whose accounts were set to a PIN or picture password. In this regard, the picture/PIN login cannot be considered the sole reliable means of ensuring data security against cracking.
Experts warned that users should not only rely on the security of the picture password. It is difficult to break, they agreed, but it is necessary to take additional measures to protect the original text password. Moreover, the text password can still be used to log in to the system, so perfect security in Windows 8 is still an issue for further innovations.
More information about the picture password vulnerability can be found on Passcape´s blog:
Company web-site: http://www.passcape.com/