In Windows 8, Microsoft offers the Picture Gesture Authentication (PGA) system, which lets you manipulate an image to set a password. However, researchers have now confirmed that PGA offers very weak security because PGA passwords are really easy to crack.
Researchers at Arizona State University and Delaware State University created an actual, web-based PGA system. This system was then used by a selected set of users, and based on their responses the researchers were able to gauge the security PGA offers.
In all, 685 respondents were asked to use the web-based PGA system and draw gestures on images. The respondents were then asked how they decided what to draw on the image. 60 percent of respondents said they tried to find special objects on which they could draw. Another 22 percent revealed that they drew near or on special shapes, whereas only 10 percent stated that they drew the gestures without caring about the background.
Based on these responses, the researchers have reached the conclusion that these passwords are really easy to crack. That doesn’t mean that all passwords set using the PGA system are weak and can be cracked, but most of them can be very predictable over multiple attempts.
Another key problem with PGA is that it doesn’t allow users to draw random shapes. Rather, you either have to tap or draw circles. If Microsoft adds support for random shapes in Windows 8 security, this can significantly enhance the effectiveness of PGA.
Courtesy: Parity News