Windows 8 Picture/PIN password glitch discovered

A vulnerability with the preview version of Microsoft’s Windows 8 operating system (OS), where it saves a log on password in plain text and allows any user with admin rights to see the password details, has been discovered by a password security vendor.

According to a blog post by a Passcape Software administrator, Picture password and PIN are new sign-in authentication methods in the developer preview of Windows 8 which are designed to avoid the problem of forgotten passwords.

However, the blog urges users to use the authentication methods with caution because the user must first create a Windows 8 acccount with a regular password before switching to PIN or Picture password authentication.

“If a [Windows 8] account is configured for authentication using Picture password or PIN, your original plain-text password is stored in the system, and any user with the administrator privileges can gain access to it,” read the blog post.

Microsoft Australia has been contacted for a response by Computerworld Australia.

Windows 8 is set to go on sale on October 26 this month.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article1

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark