Windows 8 picture security just a toy, claims RSA SecurID inventor
The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.
"I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."
The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance, making it relatively easy to compromise, he says. Designers of alphanumeric passwords recognise this danger, and have responded to it by having password characters appear as dots on the screen so the password can't be copied down.