The math behind Windows 8's picture passwords

In bringing what was traditionally a desktop operating system into the mobile space, Microsoft went ahead with cooking up an interesting scheme for logging into a Windows 8 tablet (or if you're really inclined, a laptop or desktop) - using your favorite photos as a password.

Where others have settled with drawing lines on a grid, Windows 8's picture passwords offer you a triple combination of taps, circles, and lines on your photo. Not so surprising are the strength of picture passwords compared to PIN numbers, but as Microsoft explains on the Building Windows 8 blog, it beats complex text passwords as well.

How does this work? Gestures are tracked along an invisible grid that is scaled according to the size of the screen. The grid is divided into 100 square units along its longest edge, and scaled accordingly to fill the shorter edge - as an example, a 1366x768 screen with a photograph taking up roughly 80% of the screen will have a 100x70 grid.

When logging in, the OS compares the distance between the gestures recorded as part of the picture password setup process, and those done while attempting a login. The following grid shows the "accuracy" of a gesture from the actual recorded location; a login attempt will fail if the score falls below 90%. Login attempts will automatically fail if one draws the wrong shape (for instance, a line in place of a circle):

In recording the shapes one draws on the screen, the OS also remembers the direction and the order of the shapes drawn by the user.

So how many passwords can you get out of taps, circles, and lines? Using mathematical assumptions, one can obtain 2,743,206 unique combinations from 3 taps, 4,509,567 combinations from 3 circles, and 412,096,718 combinations from 3 lines. Combine all three together, and you've got 1,155,509,083 passwords!

Compare this to just 1000 unique PIN combinations with 3 characters, 17,546 passwords with just 3 lowercase letters, and 81,120 passwords with 3 alphanumeric characters and symbols.

One possible flaw of a gesture-based login system is the possibility of guessing a password based on fingerprints on a screen. Assuming the worst case scenario where a user enters a password on a clean screen and leaves the device open for an attacker, it still leaves them with 48 possible passwords. Even in that case, Windows 8 will only allow 5 attempts to guess a picture password before the user is forced to enter their regular Windows password.

The other obvious flaw is the ease of looking over a user's shoulder to steal their password. Given that picture passwords will usually be based on visual cues and thus very easy to hijack, users should definitely be aware of their surroundings while logging in.

As with most new features in Windows 8, Microsoft will offer Group Policy settings to disable picture passwords on corporate machines.

A brief demo of the login process is available below:

The result of Microsoft's solution is an unique login solution that is easy for people to remember, and assuming they don't just tap on people's noses from left to right, a password that is hard to guess.

Image Credit: Building Windows 8

Report a problem with article
Previous Story

Microsoft's design director on Windows 8, Metro and more

Next Story

New Windows 8 pre-beta screenshots leak out

32 Comments - Add comment