Secure your Windows 8 account with Picture Password

Windows 8 comes with several authentication options. One of them, Picture Password, appears to have a weakness: it requires the user to have a regular user account with a regular password (with an option to move to PIN authentication).

As recently as last month, it was found that the regular password was stored in its original plain-text format (naughty!) – password salting/hashes, anyone? Well, it's not all bad news. There is a simple workaround…

If a user has created a regular password and then uses the Picture Password authentication, the text password will be AES encrypted and saved to protected Vault storage (similar to Keychain Access on Mac OS X) in the Windows System folder.

Here is how you set up Windows 8 Picture Password:

  • Make sure you have a strong regular password prior to setting up Picture Password
  • Start screen > type the phrase picture password
  • From search bar > Settings category then look at the search results in the left pane
  • Click > Create or change picture password, then go to
  • Sign-in options section > PC Settings screen – click on the button to Create a picture password
  • You will now need to enter your text password to confirm your account
  • Next you should see the “Welcome to picture password” message screen, which explains the setup through different gestures
  • Look at left pane > click > Choose picture button. This will show you your Pictures folder
  • Click > image you wish to use as your password > click on the Open button in the lower left corner
  • You can now edit the size of the image – drag image horizontally or vertically to position
  • Click > Use this picture button > then go to “Set up your gestures” screen > create first gesture, then your second, and then your third.
  • You then need to “Confirm your gesture” and recreate the gestures in the same order (this is the validation process)
  • Windows will congratulate you if you are successful; if not, you have the option to try again
  • Click > Finish button
  • Press the Windows key to return to the Start screen > click on your account name and picture in the upper right corner and select > Sign out from the menu option
  • Press any key to get past the lock screen. You will then see your picture.
  • Draw the three gestures you created when you signed in and, voila, you should now see the Windows Start screen

If you found this post interesting, then you might want to read my post about the useful Windows 8 SmartScreen Filter.

Safe surfing folks!
