AJN News

New Password Features in Windows 8: Are They Reliable?

Ever since Microsoft committed itself to its Trustworthy Computing program, it has made significant security changes in each version of its operating system to improve its security posture. Windows 8 is no different. Nick Psyhogeos, Microsoft vice president, said during a media briefing that Windows 8 is one of the most secure operating systems to date. However, it seems that the actual performance of the new system is not as satisfactory as claimed.

Microsoft developed a new user interface and removed the traditional Start Menu in its new system. It also made major changes to user accounts. You can create a local account as well as a Microsoft account, which allows users to log in through Microsoft-related accounts. What’s more, passwords in Windows 8 are totally different from those in any previous system. Though the traditional text password is kept in Windows 8, users can also create a picture password or PIN code as a supplement to the text password. This will definitely make password recovery in Windows 8 easier when you forget the password. It also makes logging in to your Windows 8 system quicker and more convenient. However, are these new password features as reliable as they seem to be? That is the question to be discussed.

A picture password, just as the name implies, allows users to choose a picture and then design a sequence of gestures on it as their password. Gestures are limited to circles, lines and taps. This method is not a new invention from Microsoft: Android has already adopted gestures as authentication on its smartphones. However, since its introduction in Windows 8, it has been questioned by many IT security experts and Windows users.

The doubts arise first from the fingerprints left on the screens of Windows 8 devices. If someone gets ahold of your Windows 8 device, he can try to guess your picture password just by looking at the pattern of smudge marks on the screen. With the help of a digital camera, this attack can be even more effective. Another possible attack is shoulder surfing: if someone is looking over your shoulder when you log in, they will find it very easy to notice where you are tapping. Besides, for onlookers, gestures are much easier to remember than numbers.

So, how about the PIN code? It was added to Windows 8 so that tablet users can enter a code via the touch numpad, but PC users can also create a PIN and then log in to Windows 8 using either the Windows Live account username and password or the PIN code. Whenever the user has to enter a digits-only password such as a PIN, the “digits only keyboard” is displayed on screen. This reveals to anyone watching that the user uses a PIN to access Windows 8. Besides, since the PIN must be exactly 4 digits, can it be a difficult thing for an attacker to crack a four-digit password? It may be pretty easy.

We can conclude that although the new password features do make Windows password reset a simple matter for Windows 8 users, we should think twice about system security before making use of these features.