http://www.networkworld.com/news/2011/122211-windows8-authentication-254372.html By Tim Greene Network World December 22, 2011 The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. "I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security." The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance - making it relatively easy to compromise, he says. Designers of alpha-numeric passwords recognize this danger and have responded to it by having password characters appear as dots on the screen so the password can't be copied down. Designers of Windows 8's picture login have made a traditional password an alternative, perhaps in acknowledgement of this shortcoming, he says. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Dec 27 2011 - 03:38:30 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 27 2011 - 03:50:07 PST