Communications of the ACM

ACM TechNews

Windows 8 Picture Passwords Easily Cracked

Researchers say an experimental model and attack framework they devised were able to crack nearly half of picture passwords in one dataset, and about a quarter of passwords in another dataset.

Credit: TechDigest

Microsoft Windows 8's picture gesture authentication (PGA) system is not difficult to crack, according to security researchers from Arizona State and Delaware State universities.

The researchers say their experimental model and attack framework enabled them to crack 48 percent of passwords for previously unseen pictures in one dataset and 24 percent in another. They presented the results in a paper at the recent Usenix Conference in August.

The researchers also believe their results could be improved with a larger training set and stronger picture-categorization and computer-vision techniques.

Windows 8 offers gesture-based passwords and traditional text-based passwords. Setting up a gesture-based password involves choosing a photo from the Picture Library folder and drawing three points on the image to be stored as grid coordinates. However, users tend to pick common points of interest, such as eyes, faces, or discrete objects, and the passwords derived from this constrained set have much less variability than randomly generated passwords.

The researchers suggest Microsoft could implement a picture-password-strength meter, and integrate its PGA attack framework to inform users of the potential number of guesses it would take to access the system.
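An added example, not the researchers' framework or Microsoft's code, of how such a meter could score a three-point password: points that land on a point of interest cost a guesser far fewer tries than points placed elsewhere. The grid size, the tolerance, the point-of-interest list and the "weak" threshold are all assumptions constructed for illustration.

```python
import math

# Assumptions (not from the article): a 100 x 56 grid, a 3-cell match
# tolerance, and a constructed point-of-interest (POI) list for one photo.
GRID_W, GRID_H = 100, 56
TOLERANCE = 3
SAMPLE_POIS = [(30, 20), (42, 20), (36, 30), (70, 45)]  # e.g. eyes, nose, an object


def near_poi(point, pois, tol=TOLERANCE):
    """True if the point lies within `tol` cells of any point of interest."""
    return any(math.hypot(point[0] - px, point[1] - py) <= tol for px, py in pois)


def estimate_bits(points, pois=SAMPLE_POIS):
    """Estimate guessing effort, in bits, for a three-point picture password.

    Model (an assumption): a point on a POI costs the guesser one of
    len(pois) choices; any other point costs one of the distinct
    tolerance-sized regions that tile the whole grid.
    """
    if len(points) != 3:
        raise ValueError("expected exactly three points")
    for x, y in points:
        if not (0 <= x < GRID_W and 0 <= y < GRID_H):
            raise ValueError(f"point {(x, y)} is outside the grid")
    regions = (GRID_W * GRID_H) / (math.pi * TOLERANCE ** 2)
    return sum(
        math.log2(len(pois) if near_poi(p, pois) else regions) for p in points
    )


def rate(points, pois=SAMPLE_POIS, weak_below=20.0):
    """Return the estimate plus a weak/not-weak verdict for a meter UI."""
    bits = estimate_bits(points, pois)
    hits = sum(1 for p in points if near_poi(p, pois))
    return {"bits": round(bits, 1), "poi_hits": hits, "weak": bits < weak_below}


if __name__ == "__main__":
    print(rate([(30, 20), (42, 21), (36, 30)]))  # all three on POIs
    print(rate([(5, 5), (90, 10), (10, 50)]))    # none on a POI
```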

From InformationWeek
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA