Windows 8 security takes on different strokes

Powered by SC Magazine
 

Line beats circle, circle beats dot.

Windows 8 has been outfitted with a password gesture log-in platform that Microsoft says is tough to crack.

Zack Pace

The scheme uses circles, lines and dots defined by users and mapped on images as a replacement for text passwords.

Microsoft said the patterns were easier for users to memorise and more complex than text passwords.

The minimum three gestures required could produce a billion possible unique combinations compared to a three digit “complex” password that could generate 81 thousand combinations, Microsoft program manager Zach Pace said.

And the numbers scale. A gesture password that includes five shapes could produce 398 trillion combinations while a five character complex password would produce 183 million combinations.

A combination is authenticated if the inputted gestures are 90 per cent accurate.

Gesture accuracy score

Lines had more combinations than circles, while dots had the least.

Microsoft binned plans to allow free form design which would introduce more entropy because field tests revealed users stuggled to duplicate gestures.

They also spent too long attempting to pefecting mimic gestures instead of faster swipes used in the current system.

The system can be set to accept text passwords and will fail over to the format after five incorrect gesture guesses.

While the numbers look impressive, it raises the possibility that attackers could watch users input gestures from “points of interest” – like noses, eyes and hands.

But Pace said mimicking “points of interest” does not work in practice.

“The areas people chose and the kind of gestures they drew upon them correlated very poorly in the lab,” he said.

“Assuming the average image has 10 points of interest, and a gesture sequence length of three, there are 8 million possible combinations, making the prospect of guessing the correct sequence within five tries fairly remote.”

Following smudge marks for touchscreen devices fails too. Even in perfect conditions where only password smudges remain, each gesture could be swiped differently.

Copyright © SC Magazine, Australia


Windows 8 security takes on different strokes
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 645

Vote