We're likely to see a rash of new hacking techniques targeted specifically at touchscreen PCs, so if you're going to add a gesture password to your Windows 8 PC, make sure it's a good one.
How to create a strong picture password
Thankfully, setting up a picture password in Windows 8 is child's play. Just remember that you need to have a locally accessible image to use as the foundation of your picture password before you begin. You also need an alphanumeric password linked to your account in case of emergency, so make sure it's something strong. If the picture password feature fails for any reason, or if you simply forget the gestures you've chosen, you can use your plain-text password to log in to your system.
First, press the Win-W key combination and search for Picture Password. Under the Settings category of results, you should find an entry for Change to create picture password; launching that wizard is the first step in creating your custom picture password.
When the picture password wizard first opens, you're greeted with a big ol' page of PC Settings. Click the Create picture password button about halfway down the page. If you haven't already assigned a plain-text password to your account, you must take care of that before Windows 8 will allow you to continue.
After clicking the Create picture password button, you'll be asked to enter your plain-text password. Once Windows 8 verifies that you are who you say you are, you must sit through a quick animation that explains the types of gestures you can assign to your picture. In short, your picture password is made up of three gestures, in any combination of taps/clicks, straight-line drags, and circles.
Click the Choose picture button, browse to your preferred image directory, and choose the image you'd like to use as a base for your gestures. The picture is the only thing you'll see when logging in, so try to pick an image with a resolution sufficient that the image remains attractive when splayed across your screen. Once you select the image, you're asked to position it on-screen; simply drag the image to your desired location and click the Use this picture button.
Time to start gesturing. This process is obviously designed for touchscreen PCs and tablets, but it works with a mouse as well. Remember the order and direction of all of the gestures you drew on the screen; if you draw a line from left to right in the image, for example, you'll also have to draw the line from left to right when unlocking your system.
For maximum security, avoid taps and use circles and lines exclusively. These gestures are harder to guess because they incorporate both positional data and directional data, so an unauthorized user would need to correctly deduce the start point, end point, and direction of your gesture. Every security expert we spoke to about this process cautioned against using gestures that follow the contours of the image in predictable ways, like circling faces or drawing lines between landmarks. Instead, pick an image with strong contrast to create bright reference points, and come up with a creative, convoluted series of gestures to make your password extra strong.
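To put rough numbers on that advice, the following sketch (an added example, not from the original article and not Microsoft's scoring method) counts how many distinct three-gesture passwords exist when gestures can go anywhere on the picture and when they are tied to a handful of obvious landmarks. The grid size, the number of circle sizes, the landmark count, and the assumption that each gesture is chosen uniformly at random are all illustrative assumptions.

```python
import math

# Assumed model (not Microsoft's scoring): the picture is a grid of
# distinguishable positions; every constant below is illustrative.
GRID_W, GRID_H = 20, 12      # distinguishable positions across / down
RADII = 5                    # distinguishable circle sizes
DIRECTIONS = 2               # clockwise or counter-clockwise


def gesture_counts(positions, radii=RADII):
    """Number of distinct gestures of each type over `positions` points."""
    return {
        "tap": positions,                           # position only
        "line": positions * (positions - 1),        # ordered start -> end
        "circle": positions * radii * DIRECTIONS,   # centre, size, direction
    }


def bits(sequence, positions, radii=RADII):
    """Entropy in bits of an ordered gesture sequence, if each gesture is
    chosen uniformly at random among the gestures of its type."""
    counts = gesture_counts(positions, radii)
    return sum(math.log2(counts[g]) for g in sequence)


def compare(landmarks=10):
    """Bits for three-gesture passwords: whole picture vs landmarks only."""
    full = GRID_W * GRID_H
    rows = {}
    for seq in (("tap",) * 3, ("line",) * 3, ("circle", "line", "line")):
        rows[seq] = (
            round(bits(seq, full), 1),
            # Landmark-bound gestures: one plausible circle size per landmark.
            round(bits(seq, landmarks, radii=1), 1),
        )
    return rows


if __name__ == "__main__":
    for seq, (free, bound) in compare().items():
        print(f"{'+'.join(seq):20s} free={free:5.1f} bits  "
              f"landmarks={bound:5.1f} bits")
```

Under these assumptions, three lines carry about twice the entropy of three taps, and gestures tied to ten obvious landmarks lose more than half of their bits compared with the same gesture types placed freely.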