Windows 8 Picture/PIN password glitch discovered

Windows 8 Picture/PIN password glitch discovered

Picture and PIN passwords saved in Windows 8 pre-release version can be accessed by any user with admin rights, according to a security vendor.

A vulnerability with the preview version of Microsoft’s Windows 8 operating system (OS), where it saves a log on password in plain text and allows any user with admin rights to see the password details, has been discovered by a password security vendor.

According to a blog post by a Passcape Software administrator, Picture password and PIN are new sign-in authentication methods in the developer preview of Windows 8 which are designed to avoid the problem of forgotten passwords.

However, the blog urges users to use the authentication methods with caution because the user must first create a Windows 8 acccount with a regular password before switching to PIN or Picture password authentication.

“If a [Windows 8] account is configured for authentication using Picture password or PIN, your original plain-text password is stored in the system, and any user with the administrator privileges can gain access to it,” read the blog post.

Microsoft Australia has been contacted for a response by Computerworld Australia.

Windows 8 is set to go on sale on October 26 this month.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments