Windows 8 Gesture Password: Can Screen Smudges Give It Away?

Gesture passwords seem like a nice idea, but is it possible that smudges could give them away?

Pattern Login Set Up Windows 8

Screen Smudges Can Theoretically Betray The Gestures

Theoretically speaking, yes: smudges from running your finger across the screen can betray your gestures to an onlooker. But there are hurdles along the way that make the job very hard, if not impossible.

The first layer of security is the specific sequence. If you have five gestures that unlock your computer, they also have a specific sequence in which they must be drawn. Drawing them randomly will simply not do. So just knowing what gestures to use is not enough.

The next hurdle is the screen itself. A touch screen that is regularly used has numerous smudges to deal with. After login, you will swipe back and forth on your Start Screen. You will tap several places to launch applications, URLs and more. You will use several gestures to zoom in and out, highlight and position things. All of these will leave their own smudges. Telling the login gestures apart then becomes almost impossible.

The only way someone can know for sure is to videotape you while you are logging in, and that works similarly for all physically entered passwords like key presses, patterned taps, etc. Only biometric data like your fingerprint, retina scan, voiceprint, etc. is safe from that. And if such sophisticated techniques are being used against you, it is possibly time to think of securing more than just your Windows 8 computer.

Gesture Login Can Be More Secure Than Conventional Login

There are three different gestures that you can use — circle, tap and line. Out of those, the circle has two possible directions and the line has all of 360 degrees. They can be placed anywhere on the screen and they have to be entered in a specific sequence (like a number dial on a safe).

According to Microsoft, a gesture/picture login with five gestures has 398 trillion possibilities. A five-character password with letters, numbers and symbols has 182 million in comparison. Bring that up to 8 characters and the number of possibilities is 9 trillion. So at least the math is on their side.

Microsoft also encourages you to use photos with at least 10 elements of interest, such as group photos or landscapes. And of course, keep your machine in a secure location and take measures to prevent theft.

Overall, only time will tell how secure this really is. For now, it will make things easier for a lot of us who use dangerously simple passwords for our login just so that we don’t forget what they are.

Published: Monday, December 26th, 2011 Last Modified: December 26, 2011

