Windows Picture Passwords - are they really as "easily crackable" as everyone's saying?
If you've used Windows 8, or even just seen the ads for it, you'll know it has a feature called Picture Passwords. You choose a picture, any picture, and then "annotate" it with three finger movements: you can tap a point, draw a stroke, or sweep a circle. The picture helps you to remember where you made the gestures, so you can repeat them reliably enough to pass the test and unlock your device. If you have a touch screen tablet, Picture Passwords are surprisingly handy. (Pun intended.) But how safe are they?
One of the ads I've seen for Windows 8 made a pretty big deal out of the coolness of Picture Passwords, and illustrated their convenience with a login sequence to which my immediate reaction was, "Surely not?" The ad showed a picture of someone's two young daughters, heads close together and looking at some distant object; the password involved circling their heads and then drawing a line in the direction they were looking. That struck me as far, far too easily guessed; a bit like an ad showing someone choosing the keyboard password SECRET and implying that would be good enough.