Windows 8 Picture Password is 'Fisher-Price Toy'

It would seem that not everyone is impressed with the picture password feature in Windows 8. The inventor of RSA's SecurID token actually said the new feature is like a "Fisher-Price toy." It would be funny to see Microsoft challenge him to defeat it.

"I don't think it's serious security." All in all, "It's more like a Fisher-Price toy than a serious choice for secure computer access," he says. Still, it's better than nothing, he says, and it is raising awareness of login security.

Click to expand...

I would imagine there is still the option to have the standard typed password if you want it?

Wasn't there some crapola like this called MS "Bob"?

Somebody put the security nazi back in his box. Good grief.

whiz187 said:

Wasn't there some crapola like this called MS "Bob"?

Click to expand...

I think you are really confusing things here. The Picture password feature is much like the dot password on your mobile phone. You touch or use certain motions as your password rather than enter in an alphanumeric.

MS Bob on the other hand was a type of gui shell that was supposed to make things easier for a novice to navigate. It used an office graphic to depict different applications rather than a standard menu system.

As for the RSA security person's thoughts, I throw them all out the window. RSA talks a lot of crap about other security measures because they compete with their solutions. But their own solutions have been cracked quite a few times. As for the argument they make over someone easily being able to record someone's swipe, well someone could also easily record what someone types on the keyboard as well, so that is the most idiotic argument I have heard. Because Windows 8 will also be available for mobile markets and tablets, this feature makes more sense than an alphanumeric password imho. But it is no substitute for good multi-factor authentication.

The future of user identification is expanding, and this is a good step.

My ideal system would use my password, the way I type the password (rythm, pattern, etc), and a camera to look for me.

Satisfy any of the two conditions and you're good

Pssstt I got a secret! You can video tape a person typing on a keyboard too! Don't tell anyone it's top secret information!

I agree. I don't think this kind of stuff is important enough to be working on.

I believe this is a great way to introduce security features to the non-[H] out there.

I wonder if in the future it will be able to measure the speed of your swipes, the pressure used, and any hesitation at turning points.

schizrade said:

Somebody put the security nazi back in his box. Good grief.

Click to expand...

This. It makes me think of an old guy going "You kids and your safety razors! Why, when I was young I used a straight razor and sharpened it with a razor strop every day!"

niconx said:

Pssstt I got a secret! You can video tape a person typing on a keyboard too! Don't tell anyone it's top secret information!

Click to expand...

Pssst. Free Warcraft Mount email is keylogger in disguise.

They need to find ways to make keyloggers non-existant.

Here's the reason I think this technology is viable. The average person is not security aware, and to clarify I mean technology security specifically. This is why you see the reports of terrible and easily cracked passwords all of the time. Is Picture Passwords the end-all solution to this? No, but it adds a somewhat stronger level of security for these average people. Besides, some people are more visually oriented and this plays directly into that fact. Drawing a 'password' instead of typing it (and having to think about gestures instead of obscure word/character combinations) is just easier for some people.
So in my opinion, this is a good thing. If you already use a strong 15 character password or have systems with two factor authentication, then good for you. But the average person does not and this is good overall.