Microsoft details Windows 8′s new picture password feature

By Tom Warren, on 16th Dec 11 6:56 pm with 48 Comments

Microsoft took the time to detail its Windows 8 picture password feature on Friday.

The picture password feature allows Windows 8 users to select their own personal picture and sketch three different patterns over the picture to login. The new authentication system makes it easier for tablet and touch users to login to a Windows 8 PC. Microsoft filed a patent for the feature in February, 2008. The feature works by dividing the image into a grid. “The longest dimension of the image is divided into 100 segments,” says Microsoft’s Zach Pace in a blog post on Friday. “The shorter dimension is then divided on that scale to create the grid upon which you draw gestures.” The result allows Windows 8 users to pick a photo and draw gestures over it to sign-in to their account. Gestures can include lines, circles and taps. Microsoft considered the amount of gestures required by analysing the different combinations required to create a secure environment.

“Picture password is provided as a login mechanism in addition to your text password, not as a replacement for it,” notes Pace. “You should be sure to have a good hint and use safeguarding mechanisms for your text password, which you can still always use to sign in.” Microsoft also detailed concerns over smudges visible on touch screens that could reveal picture or PIN based passwords. The software maker assessed a variety of methods to obtain the PIN or picture password sequence on a clean screen with only the gestures visible via smudging. The number of ways for ordering a 4 digit PIN is 24 according to Microsoft, if an attacker is able to see where all four smudges are present on the screen. This is improved to 48 combinations based on line and circle gestures.

“Although we’re very happy with the robustness of a picture password, we know that there are a variety of businesses for which security is paramount,” admitted Pace. “We’ve implemented group policy that gives a domain administrator the freedom to choose whether picture password can be used. And of course, on your home PC, picture password is optional as well.”

  • Jubbin Grewal

    Really looking forward to this. I would actually use this feature, as opposed to the current password system.

    • Simplycani

      its already availabe in preview :) u can start using :)

    • Jubbin Grewal

      Obviously I know that haha, I just meant when Windows 8′s full version comes out.

  • Adam MacLaren

    is that application opening animation different (at :15)? i like it. maybe i just missed it before.

    • Anonymous

      It seems new. The flipping animation is not new, but now it seems that the flipping card animations goes from small to big. looks good.

  • doctorwhofan98

    Though it seems cool, it can’t be very fast to log in using that method. Especially if you’re using a mouse.

    • Jeff Kibuule

      One would assume if you are using a mouse, you have a keyboard which can type faster than any gestures you can make. However on a tablet, gestures >>> typing long character passwords on an on-screen keyboard.

    • Anonymous

      he specifically said for using touch*

    • William Moore

      I am currently useing a picture password with a mouse and it probably takes 5-10 sec to get in.. not really all that slow. yeah not the 1-2 sec with typeing a password I guess but still.

    • Guest

      1-2 seconds? What’s you password, “A”? ;-)

    • Racaca

      I can easily type my 8 character password in less than one second.

    • Nguyen Ngoc Hung

      Life is too short you cant use picture password :-<

  • Adam

    I actually just started using this the other day on my Win8 slate. I had been using PIN unlock but this is nifty.

  • Chris Woelfel

    i use this on my slate…so much better and faster than regular login

  • Anonymous

    4 words: I LOVE THIS COMPANY!!

    • Nguyen Ngoc Hung

      Will this mean Steve Ballmer is gonna be the next big Steve ;))

    • Anonymous

      Lol, you watched him screaming that too?

    • Anonymous

      BIG Steve? Definitely.

  • Anonymous

    “so it’s hit your little brother, fondle your niece and circle your cat?”


    • Denis Jelec

      Made me chuckle. :)

    • Guest

      Let’s hope so. If instead it’s fondle your cat or little brother, then …. well lets not even go there.

  • Cristian

    its a good thing microsoft pantented this. didnt apple steal the thumbs keyboard from windows 8 when microsoft first showed it off.

    • Guest

      Repeat after me: Apple invented everything ever done in technology. /s

    • Carlos Ribeiro da Fonseca

      Probably not since MS and Apple have a really big patent sharing deal going back to when MS saved Apple’s bacon.
      Apple gets to us MS’s patentes, but MS also gets to use Apple’s.
      And they both get to sue Google’s buddys :) 

  • Anonymous

    very cool, can I meet your little sister?

  • Anonymous

    picture passwords are not new in academics. however their fatal flaw remains:
    unlike password boxes which hid the password, anybody looking at your screen can see what to do if they see you do it once.

    • Guest

      A picture password is mathematically much more secure than an alphanumeric one. Obviously if you’re stupid enough to key it in with someone watching you there’s a risk of them being able to duplicate it, just like they could watch you type in an alphanumeric one. But since MS is providing the choice of either, it’s moot.

    • Nguyen Ngoc Hung

      I agree somehow. But you still can switch to your PIN or LIVE ID password to log in. Just dont use picture password when people are arounnd cause yes, its easier to remember. But after all  I think it just for fun, but still makes sense as a password method ;)

    • Jeff Kibuule

      A password is only as secure as the environment which it is used in. If you’re in a crowded place where you might have people looking over your shoulder, use the keyboard. But I’d say for a good chunk of the time, a picture password would suffice.

  • Anonymous

    I just set Picture Password up on a Win8 desktop with touch.   I had to use touches, as my circle or line abilities are not that good.

    I hope by Beta Microsoft will write some written documentation on the Metro interface.  I don’t reliably know what to do next in most situations.

  • Anonymous

    this is fail. How the hell am I supposed to remember 3 different visual gestures?

    • Will Fisher

      by not being…urrr….retarded 

    • Guest

      Well that disqualifies ArrowSmith for sure.

    • Guest

      How do you keep track of your ten different personalities, MPD shill? Anyway, don’t worry about it. It’s Windows only, nothing an itard like you need fear.

    • Anonymous

      its easy. First select a photo you are familiar with…how bout that one of you standing next to the short bus you take to school everyday? Then make a circle around each wheel. You know what wheels are right? just think of the song…”The wheels on the bus”! and you’ll remember that they go round….so you’ll know to make circles. Then touch that giant forehead of yours. You know the one daddy says looks like a drive-in theater screen? And their you go! you did it!!! yeah!!!

    • Guest

      You sir, have a rare gift for dealing with the mentally challenged. Bravo!

    • Vadi91

      The same way u remember ur long digit passwords.., its easy..

    • Ken Blazek

      It says to use ANY combination of the three gestures. COMPREHENSION

    • Anonymous

      Sir, theres nothing difficult if you finished your school…So first finish your school, it ‘ll be easier to understand all after that…

    • Anshul_aggarwal

      According to various researches, people can remember pictures and visual data more easily than text. so it will be easier to remember this. 

    • luke516

      Dudeeee you’ve been trolling here like forever, it sounds like you are fail

  • Rey..Rey..Reynaldi

    i hope they refine the page transition to be more consistent

  • AA

    already tried it on public alpha long long long ago

  • Lewis McCrary

    I like how he kept calling it a PC.  PCs are not dead! :)

  • Anonymous

    Would be useless for me if I never get a touch screen monitor

  • Bluetree

    when  can we get Windows 8??? email me answers at

  • In Technology Group

    xpPhone2 from ITG is also use windows8.

  • Ferschio

    Will have something more useless or is this to beat a record?