Windows 8 Picture Password Insecurities

Two-factor authentication, pass patterns, fingerprint readers, facial recognition… the list of alternatives to passwords is growing, but are all of these new precautions as effective as the traditional password?

A study of the new ‘picture password’ service offered to Windows 8 users has found it to be far less secure than a text-based password. Almost 50% of previously unseen images were cracked using systems designed to detect popular points of interest in images.

The picture password feature allows the user to select certain points on a chosen image in order to authenticate their identity and gain access to the system. The trouble with this form of security is that, according to the research, most users follow a pattern in the points they use as reference. For example, in an image where a person or animal features, a high percentage of users will choose the eyes as their point. Other popular features include bright colours and faces. When asked, fewer than 10% of picture password users claimed to pick random points of an image; the majority picked objects and shapes that caught their eye.

Even without password cracking technologies, the same objects that catch the user’s eye are likely to draw the attention of a hacker too. Even advertisements for the service show users selecting obvious points of reference for security.
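The effect of that clustering can be put into numbers with an enrolment-time check. The sketch below is an added example, not code from the study or from Windows. The 100x100 grid, the three tap points, the match tolerance, the hotspot coordinates and the 20-bit threshold are all assumptions made for illustration.

```python
import math

# Assumptions (not from the article): a 100x100 grid, three tap points per
# password, and a guess counts as a match within TOLERANCE cells.
GRID, TOLERANCE, TAPS = 100, 3, 3

# Constructed sample: points of interest in one image (eyes, face, bright objects).
HOTSPOTS = [(30, 25), (42, 25), (36, 32), (36, 40),
            (80, 70), (15, 80), (60, 10), (90, 90)]

def on_hotspot(point, hotspots, tol=TOLERANCE):
    """True when the point lies within tol cells of any point of interest."""
    return any(math.dist(point, h) <= tol for h in hotspots)

def salient_hits(chosen, hotspots):
    """Chosen points that coincide with a point of interest."""
    return [p for p in chosen if on_hotspot(p, hotspots)]

def search_space_bits(chosen, hotspots):
    """Estimated log2 of the ordered guesses needed to cover this password."""
    # A point on a hotspot only has to be picked from the hotspot list; any
    # other point has to be picked from every tolerance-sized cell of the grid.
    cells = (GRID // (2 * TOLERANCE + 1)) ** 2
    return sum(math.log2(len(hotspots) if on_hotspot(p, hotspots) else cells)
               for p in chosen)

def review(chosen, hotspots, min_bits=20.0):
    """Enrolment decision; min_bits is a hypothetical policy threshold."""
    if len(chosen) != TAPS:
        raise ValueError(f"expected {TAPS} points")
    bits = round(search_space_bits(chosen, hotspots), 1)
    return {"hotspot_points": salient_hits(chosen, hotspots),
            "bits": bits, "accept": bits >= min_bits}

# Constructed selections: one on the eyes and a bright object, one scattered.
PREDICTABLE = [(31, 26), (41, 24), (80, 71)]
SCATTERED = [(5, 5), (55, 55), (70, 30)]

if __name__ == "__main__":
    for name, pts in (("predictable", PREDICTABLE), ("scattered", SCATTERED)):
        print(name, review(pts, HOTSPOTS))
```

Under these assumptions the selection that sits on the eyes and a bright object is worth about 9 bits, while three scattered points are worth about 22.8 bits.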

Our advice is to stick to a text-based password for now; read our guide on How to create strong passwords for some tips.


