Information Security News mailing list archives
Windows 8 picture password is 'Fisher-Price toy' says father of 2-factor authentication
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 27 Dec 2011 05:38:30 -0600 (CST)
http://www.networkworld.com/news/2011/122211-windows8-authentication-254372.html By Tim Greene Network World December 22, 2011The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.
"I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."
The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance - making it relatively easy to compromise, he says. Designers of alpha-numeric passwords recognize this danger and have responded to it by having password characters appear as dots on the screen so the password can't be copied down.
Designers of Windows 8's picture login have made a traditional password an alternative, perhaps in acknowledgement of this shortcoming, he says.
[...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Windows 8 picture password is 'Fisher-Price toy' says father of 2-factor authentication InfoSec News (Dec 27)