Windows 10 picture password: Draw your own conclusions about its safety
Drawing on an image is definitely easier than remembering a password, but there are some caveats.
By Lincoln Spector, PCWorldMar 14, 2016 7:35 am PDT
Chilli Milli wants to set up a Windows 10 picture password.
A Windows 10 (and Windows 8) picture password is similar to an Android pattern lock. You prove your identity by moving your finger across the touch screen. Except, instead of swiping across a standard grid of points, you do it over a photo of your own choice. You might, for instance, swipe from your cat’s ear to your dog’s nose.
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to firstname.lastname@example.org.]
To set up a picture password, you select a photo of your own choice, and record three gestures over it. Each gesture can be a line, a circle, or a dot, executed in an exact order. You repeat the gestures to log into Windows.
In theory, this should provide considerable protection, since there are more points on a photo than characters accessible on a keyboard. But things are a little more complicated than that.
From their first appearance with Windows 8, technologists have argued about the relative safety of picture passwords. According to this InformationWeek article by Thomas Claburn, “users aren’t very good at selecting random points on their images; they tend to pick common points of interest, such as eyes, faces or discrete objects,” making them easier to hack.
For me, the real problem is that you can only do three gestures. If Microsoft allowed you to do six gestures, that would square the difficulty in cracking a picture password.
If you want to set up a picture password anyway, here’s how:
Select Start > Settings > Accounts. Click Sign-in options in the left pane. Scroll down a bit to Picture Password and click the Add button.
You’ll have to enter your real password to continue.
On the panel on the left, select a photo. When it’s up, click Use this picture.
Following the directions on the left, create your three gestures. You’ll be asked to repeat them to make sure you remember them—they have to be the same gestures, in essentially the same places (there’s a little allowance for error), in the same order, every time.
And please, don’t use gestures as obvious as a swipe from your cat’s ear to your dog’s nose. You want something people can’t guess.