Read more.Microsoft lifts the lid on the secondary log-in method for upcoming OS.
Read more.Microsoft lifts the lid on the secondary log-in method for upcoming OS.
I wonder how many people are going to use phalic shapes as their password when this launches
carbon copy of androids ice creame sandwitch lock screen
Won't anyone looking over your shoulder be able to easily copy your 'password'? Much easier that watching someone tap keys on the keyboard...
Sounds very similar to some authentication methods already in place on android phones..
The touch-screen 'smudges' is a big disadvantage / security flaw IMO though!!
I like it. Clever.
@leonkehoe: I'm on a strict diet of French bread. That's just how I roll.
I do like the idea of controlling it via mouse.
I do use the swipe unlock on Android but it seems to lend itself more to a smaller device....although even so, I have still watched a few people unlock theirs recently and all of them I could have repeated instantly.
Main PC: Asus Rampage IV Extreme / 3960X@4.5GHz / Antec H1200 Pro / 32GB DDR3-1866 Quad Channel / Sapphire Fury X / Areca 1680 / 850W EVGA SuperNOVA Gold 2 / Corsair 600T / 2x Dell 3007 / 4 x 250GB SSD + 2 x 80GB SSD / 4 x 1TB HDD (RAID 10) / Windows 10 Pro, Yosemite & Ubuntu
HTPC: AsRock Z77 Pro 4 / 3770K@4.2GHz / 24GB / GTX 1080 / SST-LC20 / Antec TP-550 / Hisense 65k5510 4K TV / HTC Vive / 2 x 240GB SSD + 12TB HDD Space / Race Seat / Logitech G29 / Win 10 Pro
HTPC2: Asus AM1I-A / 5150 / 4GB / Corsair Force 3 240GB / Silverstone SST-ML05B + ST30SF / Samsung UE60H6200 TV / Windows 10 Pro
Spare/Loaner: Gigabyte EX58-UD5 / i950 / 12GB / HD7870 / Corsair 300R / Silverpower 700W modular
NAS 1: HP N40L / 12GB ECC RAM / 2 x 3TB Arrays || NAS 2: Dell PowerEdge T110 II / 24GB ECC RAM / 2 x 3TB Hybrid arrays || Network:Buffalo WZR-1166DHP w/DD-WRT + HP ProCurve 1800-24G
Laptop: Dell Precision 5510 Printer: HP CP1515n || Phone: Huawei P30 || Other: Samsung Galaxy Tab 4 Pro 10.1 CM14 / Playstation 4 + G29 + 2TB Hybrid drive
And, as mentioned before, when I (briefly) tried the similar Android unlock screen, it was easily apparent what the logon swipe was, based on the grease pattern visible when turning the screen off and shining a light at an angle. This will have totally the same flaw unless using a mouse.
Sounds interesting but I'm not convinced it is more secure. It provides few obvious security benefits in my opinion.
I guess it's major selling point would be convenience, drawing a shape with your finger or mouse should be quicker and easier than typing a password.
Far far too vulnerable to the over the shoulder problem.
The grease trail issue can be partially solved using overlapping patterns so its not clear where the grease trail goes, but its still easier to observe than a long password with uses of the shift key.
Face recognition or finger prints are far better than this if you're too lazy to type, better still with a 6 number pin for 2 factors
Thing is this isn't ment to be that secure, the other thing is unlike a mobile phone I'd wager that the time spent using the device per session is longer.
By this I mean I frequently unlock my mobile for a few seconds, I don't with a tablet, I also normally want to use the tablet for a much longer peroid of time before its "GOD DAMN ****EATING SAFARI WHY YOU NO LIKE YOUR TABS?!" and I slam it in to the wall once again knowing apple fans lied to me.
As such the 'finger trail' should be much less of an issue. However this is only really for casual users, the same who often have no password.
throw new ArgumentException (String, String, Exception)
Hi helpdesk. The tablet isn't accepting my squiggle. Can you reset it.
I think this is more about preventing accidental activation rather than security. I know my Desire's slide down to unlock has been opened by just being in my pocket, a pattern would prevent this from happening, this is just a more unique way of doing a unique pattern.
From the article:
"Microsoft says that this secondary log-in offers many more permutations than a standard password and will therefore make systems more secure, though it has acknowledged that smudges on the screen could give away passwords and suggests that users clean their screens regularly."
That is a bull**** claim. A good password has trillions of combinations (at worst say 26^8), there are not trillions of distinct points on a picture, the screen only as a few million pixels at most and it will be less discerning than individual pixel accuracy.
Maths fail
For starters, no-one is saying a password has to have 8 characters in it, and I'm certain many log-on passwords don't.
Anyway, take your typical (today) mobile screen @ 480x800. Say you can only select to the nearest 5x5, so 15360 possible points on the screen. Let's suppose we have three points in the password.. that gives roughly 3.6x10^12 permutations. Going back to your 8 character password example, that gives roughly 2.1x10^11 permutations.
Granted, you might argue that a typing-based password would include digit and symbol character spaces, and possibly more than 8 characters. But equally, there is no way I'm having some long complicated password like that on my phone, and probably 90% of those who have a password on their phone (rather than a swipe/pattern thing) have four digits - just 1x10^4 permutations.
From the other point of view, if this is used on laptops, you have far more screen estate to play with. On your typical 1366x768 laptop, those three points give you roughly 7.3x10^13 permutations.. contrast that with roughly 7.5x10^13 permutations for a 7 character password from upper and lower case text, numbers, and symbols*.
Given how much easier it is to increase the permutations for the pattern password (~3.1x10^23 permutations for a five point password vs ~6.1x10^23 permutations for a 12 character password encompassing upper case, lower case, digits and symbols), their argument makes some sense.
Personally I think it's less secure for the grease mark reason, I'm just playing devil's advocate.
*96 characters total, calculated from all the characters on my keyboard
cool
There are currently 1 users browsing this thread. (0 members and 1 guests)