To make the new gesture-based password on a Windows 8 computer as safe as a text-based password, we have to improve picture password security. Before talking about how to improve it, let’s see why a picture password is easily cracked.
Why a Windows 8 picture password can be cracked easily
Setting up a gesture-based password involves choosing a picture from one’s Picture Library folder and drawing three points on the image. Windows 8 accepts three kinds of gestures on the picture: taps, lines and circles. Windows 8 subdivides the image into a 100*100 grid and stores the input points as grid coordinates.
1. But users aren’t very good at selecting random points on their images. They tend to pick common points of interest, such as eyes, faces or discrete objects. As a result, passwords derived from this constrained set have much less variability than randomly generated passwords, so they’re easier to crack.
2. There is no picture-password-strength meter similar to the systems that prevent people from choosing weak text-based passwords. So when computer users have set a weak picture password, they still don’t know it.
3. Researchers have built an experimental model and attack framework that allowed them to crack 48% of passwords for previously unseen pictures in one dataset and 24% in another.
Because of the flawed way passwords are chosen and the incomplete password-setting mechanism described above, a Windows 8 picture password can be cracked easily.
How to improve picture password security?
From the reasons above why a Windows 8 gesture-based password is easily cracked, and from the comparison of PIN codes, character passwords and picture passwords in the table below, you can find what you should do to improve Windows 8 picture password security.
| Length | 10-digit PIN | Simple a-z character set password | More complex character set password | Multi-gesture picture password |
|---|---|---|---|---|
| 1 | 10 | 26 | n/a | 2,554 |
| 2 | 100 | 676 | n/a | 1,581,773 |
| 3 | 1,000 | 17,576 | 81,120 | 1,155,509,083 |
| 4 | 10,000 | 456,976 | 4,218,240 | 612,157,353,732 |
| 5 | 100,000 | 11,881,376 | 182,790,400 | 398,046,621,309,172 |
| 6 | 1,000,000 | 308,915,776 | 7,128,825,600 | |
| 7 | 10,000,000 | 8,031,810,176 | 259,489,251,840 | |
| 8 | 100,000,000 | 208,827,064,576 | 8,995,627,397,120 | |
- Microsoft should integrate the researchers’ PGA attack to inform users of the potential number of guesses it would take to access their system.
- Choose one individual picture and the portions of it on which to make the three gestures.
- Use the most complex gesture, the line, to create the gestures.
Now there would be 100 million possible lines that can be set on a picture. A picture password will be more difficult to guess if you follow the above suggestions. That will increase both the security and the memorability of the password.
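As an added illustration (not from the original article, and not Microsoft’s or the researchers’ method), here is a minimal sketch of the kind of strength check the first suggestion asks for: it flags a three-gesture password whose gestures all sit on points of interest. The tolerance, the circle-size buckets, the guess-count model and the sample coordinates are assumptions constructed for the example.

```python
from math import hypot

TOLERANCE = 3        # assumed: cells within which a point counts as "on" a POI
RADIUS_BUCKETS = 5   # assumed: number of distinguishable circle sizes
TABLE_3_GESTURES = 1_155_509_083  # article's table, multi-gesture column, length 3

def near_poi(point, pois, tol=TOLERANCE):
    """True if a grid point lies within tol cells of any point of interest."""
    return any(hypot(point[0] - px, point[1] - py) <= tol for px, py in pois)

def anchors(gesture):
    """Points that define a gesture: tap/circle use one, a line uses two."""
    kind, *points = gesture
    expected = {"tap": 1, "circle": 1, "line": 2}
    if kind not in expected or len(points) != expected[kind]:
        raise ValueError(f"malformed gesture: {gesture!r}")
    return points

def poi_choices(n_pois):
    """Gestures per slot that remain if every gesture is tied to a POI (assumed model)."""
    taps = n_pois
    lines = n_pois * (n_pois - 1)            # ordered start/end pairs
    circles = n_pois * RADIUS_BUCKETS * 2    # centre x size x direction
    return taps + lines + circles

def assess(gestures, pois):
    """Count POI-anchored gestures; estimate guesses when all three are anchored."""
    if len(gestures) != 3:
        raise ValueError("a picture password has exactly three gestures")
    anchored = sum(all(near_poi(p, pois) for p in anchors(g)) for g in gestures)
    guesses = poi_choices(len(pois)) ** 3 if anchored == 3 else None
    return {"anchored": anchored, "guesses": guesses,
            "weak": anchored == 3 and guesses < TABLE_3_GESTURES}

# Constructed sample: eight POIs (e.g. eyes, faces, objects) on the 100*100 grid.
POIS = [(31, 41), (45, 40), (38, 55), (70, 20), (72, 60), (15, 80), (50, 85), (88, 90)]
# Constructed passwords; circles are given by their centre only in this sketch.
WEAK = [("tap", (30, 40)), ("line", (45, 41), (38, 54)), ("circle", (70, 21))]
MIXED = [("tap", (30, 40)), ("line", (45, 41), (5, 5)), ("circle", (70, 21))]

if __name__ == "__main__":
    print(assess(WEAK, POIS))
    print(assess(MIXED, POIS))
```

A real meter would take its points of interest from image analysis rather than a fixed list.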
But in a word, until a better password-setting mechanism appears, the gesture-based password had better be just another way to access Windows 8. If we want to protect Windows 8 better, we should create a strong local user password, or encrypt important data on the Windows 8 computer.