Windows 10 picture password: Draw your own conclusions about its safety

Drawing on an image is definitely easier than remembering a password, but there are some caveats.

Chilli Milli wants to set up a Windows 10 picture password.

A Windows 10 (and Windows 8) picture password is similar to an Android pattern lock. You prove your identity by moving your finger across the touch screen. Except, instead of swiping across a standard grid of points, you do it over a photo of your own choice. You might, for instance, swipe from your cat’s ear to your dog’s nose.

But are pictures as safe as passwords and PINs? When I last covered Windows 10 password options, I skipped picture passwords because they make me nervous.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to]

To set up a picture password, you select a photo of your own choice, and record three gestures over it. Each gesture can be a line, a circle, or a dot, executed in an exact order. You repeat the gestures to log into Windows.

0414 example

In theory, this should provide considerable protection, since there are more points on a photo than characters accessible on a keyboard. But things are a little more complicated than that.

From their first appearance with Windows 8, technologists have argued about the relative safety of picture passwords. According to this InformationWeek article by Thomas Claburn, “users aren’t very good at selecting random points on their images; they tend to pick common points of interest, such as eyes, faces or discrete objects,” making them easier to hack.

For me, the real problem is that you can only do three gestures. If Microsoft allowed you to do six gestures, that would square the difficulty in cracking a picture password.

If you want to set up a picture password anyway, here’s how:

Select Start > Settings > Accounts. Click Sign-in options in the left pane. Scroll down a bit to Picture Password and click the Add button.

0414 click add

You’ll have to enter your real password to continue.

On the panel on the left, select a photo. When it’s up, click Use this picture.

Following the directions on the left, create your three gestures. You’ll be asked to repeat them to make sure you remember them—they have to be the same gestures, in essentially the same places (there’s a little allowance for error), in the same order, every time. 

0414 confirm gestures

And please, don’t use gestures as obvious as a swipe from your cat’s ear to your dog’s nose. You want something people can’t guess.

Subscribe to the Best of PCWorld Newsletter