The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.
From PC World:
From PC World:
I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."Inventor of SecurID: 'Windows 8 Picture Password is Fisher-Price Toy'
The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance - making it relatively easy to compromise, he says. Designers of alpha-numeric passwords recognize this danger and have responded to it by having password characters appear as dots on the screen so the password can't be copied down.