One of the nice things that Microsoft have done in Windows 8 and RT for people using a touchscreen, like on the Surface, is provide a new way of signing in with a Picture Password. They explain in a comprehensive post how secure it is, but in practice I believe that many users will reduce the level of security by too closely following Microsoft’s examples.
What are the chances that a large percentage of Picture Password users select an image of family members, pets or similar, and then create their three gestures by circling heads and drawing dots on, or lines between, noses? With no scientific basis other than the experience I’ve had of seeing how bad most people are at selecting passwords, I’m going to say it’s going to be a significant number.
My solution is actually pretty simple and effective from both an aesthetic and security perspective.
Don’t use a single photograph, but instead select 6-10 images of your chosen subjects and then use Microsoft’s free Photo Gallery software to create a collage with far more points of interest and more potential points to use in your gestures.
In this case, I’m selecting a few pictures of my son:
You then go to the Create menu and select Auto Collage (I choose Large Landscape in case I also want to use it as desktop or lockscreen wallpaper).
At this point you’ll be asked to name the file that’s going to be produced. Now, because it’s an auto collage, you don’t get any say over the positioning or order of the images so you might not like the result first time round. I removed one of the images from the selection and then created a second collage:
Now, just think of the number of different things that I could circle, or draw points or lines on, in that image. Yet it’s still personal to me and it’ll be easy for me to remember my own gestures.
I think the images produced by this method make for a really nice looking and more complex picture to use for Picture Password. You could obviously use a different method to produce your own collage where you take more control of it, but I was going for free and easy here.
That said, if you’re set on a less complex single image for some reason, please consider how easy your gestures might be to guess. If they were easy for you to think up, they could be pretty easy for someone else to guess in five attempts if they manage to get hold of your device, so put at least one of your gestures in an area of the image that lacks an obvious point of interest.