Microsoft talks about the new password mechanisms in Windows 8 and how they are as secure as typed passwords.
Images And Gestures Are The New Age Passwords In Windows 8
Microsoft has published yet another blog post detailing the new image and gesture based passwords. According to Microsoft these passwords are as secure as plain text passwords. The developers have also taken additional measures to secure the new mechanisms against any hacking attempts.
Gesture based passwords are not entirely a new concept. Android has had it for a while. However, what Microsoft is talking about is the heightened security that this security method is capable of.
A gesture password is a series of motions on the screen like taps followed by circles and swipes. When the password is set, the machine remembers not only what is drawn on the screen but also where it is drawn and the direction of each swipe. Then when the password is entered, the machine will judge the gestures against the stored sample for a margin of error, directions and even location. Authentication will be based on the closeness of your gestures to your original set.
Just like any good security method, gestures have billions of possible combinations and since it is a touchscreen, it becomes very hard to look at the smudges and guess what was drawn and how it was drawn.
Similarly, a picture password is not easy to guess. The actual uses knows which areas to touch and in what sequence. It is hard to guess the sequence on clean touchscreen and it is night impossible to even see the touches on a screen that is in regular use. So the user is secure against break in attempts based on guesswork.
Underlying the entire system is your plaintext password. Put in the wrong image password five times and you will not be able to use the feature till you enter your plaintext access code. Also, these features are disabled during remote and network logins, which eliminates the possibility of these being exploited for remote hacks.