Please, Microsoft, let Windows 8 banish passwords

29 Jun 2010

For me, the most important part of the recent leak of Windows 8 material (assuming it is real, of course) is the use of facial recognition to do login authentication. We know that passwords are a pain in the bum of sysadmins all over the world. Of course, we enforce all kinds of things to attempt to make them more secure -- forcing regular changes, disallowing certain words and patterns, ensuring passwords can't be reused too quickly and so forth.

But the simple fact is that passwords are mediocre at best, and wholly insecure at worst. We need something better. I'm quite a fan of smart cards and fingerprint readers -- these seem to offer some good technology especially when you want to encrypt the hard disk. So powering up the machine without the smart card can, for example, scramble the hard disk contents.

But these solutions have been esoteric at best, and limited to the hard core security paranoid users. We need a much stronger solution which is right across the board. Now given that almost everything comes with a fairly decent webcam built in, it seems perfectly logical to use this as an authentication parameter, maybe in combination with a secondary authenticator for secure systems. Facial recognition is an obvious solution.

So I'm pleased to see this expressly mentioned as an authentication mechanism for Windows 8. Couple it to fingerprints too, and maybe we can banish passwords forever?

Read more

Blogs