WINDOWS 8 PICTURE PASSWORDS HACKED
By Naven Jones, Freelance Investigative Journalist
Microsoft has heavily advertised a new feature for signing in to its new
touch-screen-friendly OS, Windows 8. They call it picture passwords. Instead of
typing something, you are presented with a pre-chosen picture, and you make finger
gestures on it. This might come in handy when you don't have a keyboard, but I
have uncovered a problem. Picture passwords are hackable.
How does it work? Our skin is constantly producing oils. When we touch things,
those oils rub off. Fingerprints have been a way to catch criminals since it
was first discovered that each of us has a unique pattern. Finger trails are
the vulnerability in picture passwords. You will leave them when you make
finger gestures on a touch screen.
I don't know if you can see this, but when I shine a light on this darkened
screen, I can see finger trails. One is a circle, one looks like an X, one
looks like a line. The line is bolder at its ends as if the screen were touched
more firmly there. I asked a friend of mine if I could try to use her computer,
as I am new to Windows 8, and wanted to try it. She said yes. Before she could
tell me that she would have to log in for me first, I was in.
My friend turned white as a sheet, and asked me "How did you know how to do my
picture password? You couldn't have just guessed it, I made it hard!" I then
turned her PC back off, and shined a light on the screen, showing her the
finger trails. I told her that I had seen picture passwords on a Windows 8
commercial, and thought that they would leave behind finger trails. I wondered
if they would be all a hacker needs. They indeed were.
I had thought about it a lot before trying this out. Most people will probably
move left to right, because we read that way. If people use a round gesture,
they will probably make it clockwise. We naturally prefer it that way. After
all, if you start making a circle at the top and move left to right, that is
clockwise. If they use taps, they will leave bold spots, and a pattern between
them that will reveal their order, because they probably won't pick up their
fingers all the way. I was right, and I cannot be the only person who thought
of this. I imagine that what I observed will be reversed in countries where
they read right to left.
The most obvious thing I can say here is don't use picture passwords. If you do
because it is the easiest way with no keyboard, clean your screen every time
you use it, and hope that this will always erase the pattern you leave behind.
Even with this, skin oils may eventually leave a permanent mark.