
Using Multiple Sign-In Options in Windows 8

Windows 8 gives you two additional authentication options that Windows 7 and earlier versions of Windows didn’t offer: picture passwords and PINs. Picture passwords are perfect for tablets, while PINs are useful anytime typing is difficult. Both reduce your computer’s security, but that compromise might be worth it for you.


You can create a picture password or a PIN only when you’re physically at your computer. In other words, you can’t do it across the network when using Remote Desktop.


Using a picture password

Typing a password on a touch screen is a pain. As an alternative, Windows 8 supports using a picture password. When you enable the picture password feature, you tap, circle, and draw lines on the picture of your choosing.


To enable picture passwords, select Users in PC settings and click Create A Picture Password. Then, verify your credentials by retyping your existing password.


Select a picture to use for your picture password, and then select Open. The best pictures have multiple points of interest. A point of interest can be a person’s eyes, the peak of a mountain, or the wingtip of a bird. Any place you can remember to touch the picture is a point of interest.


After you select your picture, you can drag it to position it. The left portion of the picture is going to be hidden when you enter your picture password, just as it is in the following screenshot. Select Use This Picture.


Now you can specify your gestures. For every single point of interest on the picture, you can make five gestures:


●  A tap
●  A small clockwise circle
●  A large clockwise circle
●  A small counterclockwise circle
●  A large counterclockwise circle

When entering a picture password, the left portion of the picture is hidden.

For every pair of points of interest on the picture, you can draw a line between them in either direction.


●  A large counterclockwise circle drawn around the ibis’s right wingtip.
●  A small counterclockwise circle drawn around the ibis’s left wingtip.
●  A line drawn from the ibis’s eye to the tip of its bill.


Tap, draw circles, and draw lines to create your picture password.


The next time you log on, Windows prompts you to enter your picture password.


Windows doesn’t expect you to be precise with your touch; as long as the points you touch are relatively close to those you specified when you created your picture password, you won’t have any problem logging on. If you do have problems, click Switch To Password to type your conventional password.


Picture passwords can be quite secure. Of course, because Windows always gives you the option to sign on using your password, adding a picture password reduces your security by just a tiny amount by giving an attacker another option for breaking into your computer.


Nonetheless, the convenience of tablet computers makes it worthwhile for me and many other users. To minimize the security risks of picture passwords, follow these best practices:


●  Use a complicated picture with many different points of interest. For example, a group picture of five people is better to use than a portrait of a single person, because there are more possible points to circle, tap, or draw a line to.
●  Don’t pick the obvious gestures. If you choose a picture of three people, tapping each of the three faces would be very easy to guess.
●  Go counterclockwise with your circles. Most people are inclined to draw clockwise circles, so a counterclockwise circle will be a bit more difficult to guess.
●  Go right to left with your lines. Like using counterclockwise circles, going against the natural inclination improves security.
●  Cover your screen. Don’t let people see you enter your picture password. Be wary of cameras that might record you logging in.
●  Leave your screen dirty. The worst thing you can do is to clean your touch screen and then log in, because the only smudges on the screen will be from your picture password. While those smudges wouldn’t reveal the sequence or the direction of lines and circles, they might reveal the three actions that you performed. When you do clean your screen, clean it after you log on instead of before you log on. The following screenshot shows my tablet computer after I cleaned the screen and then logged in with my picture password. You can clearly see the three actions, but you don’t know the sequence or the direction, so there are still 120 possible combinations. Windows stops you from guessing after five. Under these ideal circumstances, an attacker who gains physical access to my PC immediately after I clean the screen and log on still has only a 4 percent chance of guessing my picture password correctly.


Smudges can reveal information about a picture password, but the security


●  Don’t use picture passwords. Really, if you’re paranoid about someone guessing your picture password and breaking into your computer, you’re better off using a complex and long conventional password. Picture passwords are a convenience, and they’re better than nothing (and also better than a PIN), but they’re simply not the most secure way to log on if you don’t want other people using your account.


Consider the simplest scenario: a picture password composed of three taps on a picture with three points of interest. If the attacker knows you use only taps and don’t tap in the same place twice, this results in six possible combinations, with the average attacker guessing it after three attempts. Windows locks out users after five failed attempts to enter a picture password, so most attackers would be able to guess the password.


You can repeat yourself, however, raising the number of possible sequences to 27. The average attacker would need to guess 13 or 14 times to get it right, and by being locked out after five failed attempts, most attackers wouldn’t be able to guess this very simple picture password even when given information they wouldn’t normally have.


Consider a scenario where an attacker knows you hate drawing lines and large circles, and thus would only use taps and small circles (both clockwise and counterclockwise) on a picture with three points of interest. In that case, the number of possible combinations jumps to 729. Use only taps, small circles, and large circles, and the number of possible combinations is 3,375.


If the attacker doesn’t know anything about your picture password, but your picture only has three points of interest, the attacker would also have to guess lines drawn in different directions. Add lines in different directions between the three points of interest, and now the attacker would need to guess 9,261 combinations. Because they’re locked out after five guesses, the attacker would need an average of 926 separate sessions, each separated by a password sign-on, to guess the picture password (assuming they could precisely keep track of the different possibilities and what they previously guessed).


That’s secure enough for most home users. If you use a picture password with more points of interest, the possible combinations skyrocket. A picture with 10 points of interest has 2,744,000 possible combinations. If you don’t feel comfortable with the security of picture passwords, just keep typing a conventional password.
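The counts in the scenarios above can be reproduced by enumerating the gesture alphabet for a given number of points of interest. The following Python sketch is an added example, not code from the original article; its function names are illustrative, and it assumes three gestures per password and an attacker who guesses distinct sequences uniformly at random.

```python
from fractions import Fraction
from itertools import permutations

LOCKOUT = 5   # failed tries before Windows falls back to the password (from the article)
LENGTH = 3    # gestures per picture password, as in the article's scenarios
SMALL = ("small-cw", "small-ccw")
LARGE = ("large-cw", "large-ccw")

def alphabet(points, circles=SMALL + LARGE, lines=True):
    """List every distinct single gesture for `points` points of interest."""
    pts = range(points)
    gestures = [("tap", p) for p in pts]
    gestures += [(c, p) for c in circles for p in pts]
    if lines:  # one line per ordered pair of points, so direction counts
        gestures += [("line", a, b) for a, b in permutations(pts, 2)]
    return gestures

def keyspace(gestures, repeat=True):
    """Number of LENGTH-gesture sequences an attacker must consider."""
    if repeat:
        return len(gestures) ** LENGTH
    return sum(1 for _ in permutations(gestures, LENGTH))

def guess_odds(space, tries=LOCKOUT):
    """Success chance before lockout, guessing distinct sequences uniformly."""
    return Fraction(min(tries, space), space)

def avg_sessions(space, tries=LOCKOUT):
    """Average lockout-limited sessions needed when no guess is repeated."""
    return space // (2 * tries)

def scenarios():
    """Key-space sizes for the article's scenarios, in the order it gives them."""
    return {
        "3 points, taps only, no repeats": keyspace(alphabet(3, (), False), repeat=False),
        "3 points, taps only": keyspace(alphabet(3, (), False)),
        "3 points, taps + small circles": keyspace(alphabet(3, SMALL, False)),
        "3 points, taps + all circles": keyspace(alphabet(3, lines=False)),
        "3 points, all gestures": keyspace(alphabet(3)),
        "10 points, all gestures": keyspace(alphabet(10)),
    }

if __name__ == "__main__":
    for name, space in scenarios().items():
        odds = guess_odds(space)
        print(f"{name:34} {space:>9,}  P(guess in {LOCKOUT}) = {float(odds):.5%}")
```

These figures assume every gesture is equally likely. The best practices listed earlier (avoid obvious gestures, go counterclockwise, go right to left) exist because real choices are skewed, which shrinks the space an attacker actually has to search.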


If you want to disable your picture password, open PC Settings, select Users, and then click Remove next to Change Picture Password.


Using a PIN

You can sign on with a numeric personal identification number (PIN) instead of using a password. PINs aren’t terribly secure, but they’re easier to type. Think of using a PIN as a compromise between typing an annoying password and not having any security at all. PINs are much easier to guess than a password, but if a password is annoying or difficult for you, a PIN is much better than nothing.


To enable signing on with a PIN, open PC Settings and select Users. Then select Create A PIN. Type your password to confirm your identity. As shown in the following screenshot, you then need to type your new PIN twice and select Finish.

You can log on to Windows 8 using a four-digit numeric PIN.

The next time you sign on to your computer, Windows will prompt you to enter your PIN. If you are using touch, Windows displays a numeric keypad, which is much easier to type on than a full keyboard. To sign on with a conventional password or a picture password instead, select Sign-In Options.


The math behind an attacker guessing your PIN is much easier to calculate: there are always 10,000 possible combinations (0000–9999), so the odds of guessing your PIN (assuming you don’t use your birth date or some other significant number) are 1 in 10,000. Like picture passwords, if you type the PIN incorrectly five times, Windows requires you to type your full password. So, the odds of an attacker guessing your PIN correctly in five attempts are 1 in 2,000.


If you want to disable your PIN, open PC Settings, select Users, and then click the Remove button beside Change PIN.

