According to Steve Watts, co-founder of the tokenless two-factor authentication specialist, Windows 8's pictorial authentication will rely on the accuracy of the touch screen device, as well as the accuracy of the user's gestures when logging in.
"Microsoft's move is, however, definitely a step in the right direction - especially against the backdrop of PINs and passwords being hackable using a variety of cybercriminal methodologies," he said.
We should remember though that users demand the flexibility to connect from any device anyware not just from their Windows 8 laptop. They may wish to travel light and connect to the office on their iPad, smart phone or just use the hotel lobby browser.
This level of connectivity demands a zero food print authentication solution such as tokenless two factor authentication.
"The reality, is that the precision, irrefutability and convenience of tokenless two-factor authentication makes this form of security a far better choice for most users, especially since they can use their smartphone to authenticate themselves," he added.
Despite the limitations of the planned Windows 8 authentication system, the SecurEnvoy co-founder says that he welcomes news that the new Microsoft operating system - due to arrive in Q3 2012 - will feature a photo-based pictorial login system, as it will help to spread the word that there is more to login security than tired old PINs and passwords.
Watts argues, however, that while using your own photo on a lock screen may sound like an ideal alternative to a PIN or passphrase entry system, some users may also find that the system is far from secure when using their laptop in public places.
Pictorial login systems, he explained, can easily be seen in a busy railway or airport caf by someone visually eavesdropping your laptop from the next table. Using a mobile phone to authenticate yourself, on the other hand, is a far more secure process, as it uses something you have and something you know, to verify you are who you claim to be.
Put simply, says Watts, if someone shoulder surfs your login using the new Windows 8 security system, then they effectively have access to your computer.
"So whilst we welcome this alternative to the tired old PIN and password system that has been proven to be less than secure as means of logging in, we feel that the message about tokenless two-factor authentication also needs to be made," he said.
Clearly the ideal authentication strategy is a combination of both pictorial login when you want to login to our PC and tokenless authentication when you need the higher levels of security demanded when accessing your office remotely.
For more on SecurEnvoy: http://www.securenvoy.com
For more on Windows 8 photo-login security: http://cnet.co/tEmM0G
About SecurEnvoy SecurEnvoy is the trusted global leader of tokenless' two-factor authentication. SecurEnvoy lead the way as pioneers of mobile phone based tokenless' authentication.
Their innovative approach to the tokenless' market now sees thousands of users benefitting from their solutions all over the world. With users deployed across five continents, their customers benefit from significant reduced time to deploy and a zero footprint approach means there is no remote software deployment and administrators enjoy the management tools allowing them to rapidly deploy up to 20,000 users per hour.
Making significant growth in every region, SecurEnvoy and partners have expanded its revenue by over 100% year on year with customers in Banking, Finance, Insurance, Government, Manufacturing, Marketing, Retail, Telecommunications, Charity, Legal, Construction. Their partners include, Juniper, Citrix, Fortinet, Sonic Aventail, Cisco, Checkpoint, Celestix, Microsoft, F5 and others.
For more on SecurEnvoy visit www.securenvoy.com