This is not really new, though. I remember reading a similar article about how this type of password was active on some model of Android phones (I think), and it was the same thing -- the oils on your fingers make this password style very vulnerable.
I thought this the first time I saw that ridiculous commercial with the picture passwords. On Friday, December 14, 2012 7:03:07 PM UTC-5, cwpreston wrote: > > > WINDOWS 8 PICTURE PASSWORDS HACKED By Naven Jones, Freelance > Investigative Journalist > > Microsoft has heavily advertised a new feature for signing into their new > touch screen friendly OS, Windows 8. They call it picture passwords. > Instead of typing something, you are presented a pre-chosen picture, and > you make finger gestures on it. This might come in handy when you don't > have a keyboard, but I have uncovered a problem. Picture passwords are > hackable. > > How does it work? Our skin is constantly producing oils. When we touch > things, those oils rub off. Fingerprints have been a way to catch criminals > since it was first discovered that each of us has a unique pattern. Finger > trails are the vulnerability in picture passwords. You will leave them when > you make finger gestures on a touch screen. > > I don't know if you can see this, but when I shine a light on this > darkened screen, I can see finger trails. One is a circle, one looks like > an X, one looks like a line. The line is bolder at its ends as if the > screen were touched more firmly there. I asked a friend of mine if I could > try to use her computer, as I am new to Windows 8, and wanted to try it. > She said yes. Before she could tell me that she would have to log in for me > first, I was in. > > My friend turned white as a sheet, and asked me "How did you know how to > do my picture password? You couldn't have just guessed it, I made it hard!" > I then turned her PC back off, and shined a light on the screen, showing > her the finger trails. I told her that I had seen picture passwords on a > Windows 8 commercial, and thought that they would leave behind finger > trails. I wondered if they would be all a hacker needs. They indeed were. > > I had thought about it a lot before trying this out. Most people will > probably move left to right, because we read that way. If people use a > round gesture, they will probably make it clockwise. We naturally prefer it > that way. After all, if you start making a circle at the top and move left > to right, that is clockwise. If they use taps, they will leave bold spots, > and a pattern between them that will reveal their order, because they > probably won't pick up their fingers all the way. I was right, and I cannot > be the only person who thought of this. I imagine that what I observed will > be reversed in countries where they read right to left. > > The most obvious thing I can say here is don't use picture passwords. If > you do because it is the easiest way with no keyboard, clean your screen > every time you use it, and hope that this will always erase the pattern you > leave behind. Even with this, skin oils may eventually leave a permanent > mark. > HOME <http://www.uncoveror.com/index.html> > > -- You received this message because you are subscribed to the Google Groups "The Unique Geek" group. To view this discussion on the web visit https://groups.google.com/d/msg/theuniquegeek/-/clMLspKgxfMJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/theuniquegeek?hl=en.
