Windows 8 has a new feature called picture password. It’s really flashy: you pick a favourite photo and then you draw gestures on it with your finger (tap a nose, circle a head, connect two boobs). It’s cool, but not very good.
At least that’s what Kenneth Weiss — the inventor of RSA’s SecurID two-step authentication — says: “I think it’s cute, I don’t think it’s serious security. It’s more like a Fisher-Price toy than a serious choice for secure computer access.”
According to Weiss, you can easily defeat this by recording someone’s motions from afar. I guess you are right, Kenneth, but I don’t expect to have the CIA spying on me or most people. He may be right. For people who are paranoid or really need extreme security because of their jobs, picture password could be a bad solution. But for the rest of us it is more than enough, and certainly better than 12345. [NetworkWorld]