As mobile devices flood the market and consumers increase their browsing time on small screens with smaller keyboards, the alphanumeric password is seeming less and less user friendly. Windows, trying to appeal to the mobile savvy user, is initiating an authentication system that is based on a picture – but with a twist. Their system will incorporate the sensitivity of a touch screen, allowing the user to ‘draw’ a gesture on an image to log in. Swipe the eyebrows, pinch the nose, pet the puppy – you get the idea.
The new image- and gesture-based sign-on system to be incorporated into Windows 8 is nifty at best, but leaves much to be desired. The sensitivity of touch screens may prove too sensitive for users’ taste. Being off by a few pixels, or hesitating in the wrong place could end up in a failed authentication. To compensate for this type of confusion, there’s a traditional password system in place as a backup.
But what happens when we relegate an alphanumeric password to ‘backup’ status? It becomes superfluous in our minds – not worth the brain cells to remember. And easily forgotten passwords worse than no passwords. Next, allowing users who can’t authenticate with the image-gesture system to bypass the system with an alphanumeric password nullifies the actual security of the system against keyloggers and other malware sources.
Nifty? Yes. Secure? Unfortunately not. While we’d all like to live in a world where security concerns are secondary to user experience, as my grandpa used to say, that’s just not in the cards. Need we mention that Tricerion’s strong mutual authentication system could run circles around Windows’ new “nifty” toy? Check it out for yourself, and you’ll see why.