Skip navigation

8 Days a Week: One Password to Rule Them All ... And Other Windows 8 Meanderings

I was hoping to write a bit this week about how I write in general and how I'm approaching the writing of Windows 8 Secrets, which will be an all-new book with little to no content carried over from previous editions. And, sure enough, I did write about this, but it's getting longer than I'd like--typical--and is meandering in unexpected directions. So in the interest of not letting too much time go by without a new article in this series, here's a peek at what Microsoft and some third party blogs posted this week about Windows 8.

Microsoft has written about two topics on the Building Windows 8 Blog since our last outing: Protecting your digital identity online and picture passwords.

Protecting your digital identity

Today, I recommend a utility called LastPass for managing your online passwords through a web browser such as Chrome. But LastPass isn't just a central clearing house for passwords with a cloud component, it can also generate strong passwords, preventing you from taking the all-too-easy (and insecure) path of simply using the same weak password on every site you visit. LastPass isn't just one of the best utilities I've ever recommended, it's one of the core components of my own toolbox. I use it all the time.

In Windows 8, utilities like LastPass may become somewhat less necessary. According to a B8 post called Protecting your digital identity, Microsoft is building secure password, PIN, and user name management into Windows 8, so that you can tie these important security gateways to your Windows logon.

"The average person using a PC in the United States typically has about 25 online accounts," Microsoft's Dustin Ingalls writes in this post. "[But] the number of unique passwords across those 25 accounts is only about 6." Hence the problem.

Here's the solution, according to Microsoft: Windows 8 will include a centralized Credential Manager, shown below, that lets you view and manage your logon information for web sites, connected applications, and networks. This functionality can be accessed by Internet Explorer 10, of course, as well as any Metro-style app.

Windows 8's Credential Manager

On a related note, Microsoft previously disclosed how it would allow Windows 8 users to logon to the PCs using their Windows Live IDs, and this is, in fact, how all of my Windows 8 PCs are configured today. "One of the great things you get when you sign in to Windows with your Windows Live ID is the ability to sync the credentials you've stored to all of the Windows 8 PCs that you register as your Trusted PCs," Ingalls notes.

Sounds good to me.

Picture passwords

This week's second topic is not new, we learned and wrote about this back at the BUILD conference in September: Microsoft is allowing new, alternate forms of logons to Windows 8 PCs, including a four-digit, phone-like PIN password and a picture password. The latter is the subject of a post this week logically titled Signing in with a picture password. I've configured a few of my Windows 8 PCs for picture passwords and a few with PIN passwords, and have to say I prefer the latter.

Note that neither replaces your normal password. Instead, you can assign a PIN and/or picture password that's used in place of the normal password at logon. A picture password encompasses two bits, a favorite photo from your picture collection and then three touch gestures. To logon using a picture password, you simply duplicate these gestures on top of the picture.

My Picture Password

These gestures include a simple tap, a swipe, a circle drawing, and the like. So you can mix and match to create something unique. (And hopefully not as simple as just poking a person's eyes.)

In typical fashion, Microsoft's post goes into great and pointless detail about how this works, including such silliness as the following mathematical symbols:


Way to make something fun into something boring, guys. But they do address one concern I have with current tap-based PIN and pattern logon systems for smart phones and devices: Protecting against smudges.

"People are often concerned with the smudges left behind on a touch screen and how easy or hard it would be to divine your password based on those markings," Microsoft's Zach Pace writes in the post. "Because the order of gestures, their direction and location all matter, it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use."

And that's pretty much all you need to know about that one.

Meanwhile, out in the blogosphere...

With not much Windows 8 news to write about this week, the tech blogs focused on two core topics: Some leaks of the Metro-style Music app that Microsoft will provide in the Windows 8 Beta next February and "news" that usage in September's Developer Preview build has dropped over the intervening months.

WinUnleaked has posted a number of shots of what some have described as Windows 8's "boring" Music app. These shots are marred by an egregious use of watermarking, but here's a representative example:

Would someone please teach these kids how to take a proper screenshot?

Meanwhile, many blogs were reporting that usage in Microsoft's now-outdated Windows 8 Developer Preview has slipped over the past three months. (Well, duh.) This is based on a Chikita study that "measures the corresponding level of activity seen by the yet-to-be-released OS, in order to determine the level of activity and potential user interest in the new operating system as a platform for future software." And what they've found is that usage in the Windows 8 Developer Preview, which is, again, outdated and, more important, aimed solely at developers, "is measurably lower than it was three months ago."

Chikita finds this "troubling," which of course is what the blogs have latched onto. I find it not unexpected and even logical since normal users would quickly discover that the Windows 8 Developer Preview is hard to use day-to-day. Just ask me, I'm doing it. I bet few others are. Including those who are busy writing books about the OS and writing new apps. Just saying.

There are other pseudo-controversies because, you know, the blogosphere needs to drive page views. Last week's "revelation" that Microsoft could "remotely delete Windows 8 apps" sold or downloaded through its coming Windows Store was one such attempt at righteous indignation. But as I noted in last week's Short Takes, this isn't new functionality and is, in fact, entirely acceptable and expected.

Here's what I wrote:

Non-Event of the Week, Part 2: Microsoft Can Remove Apps from Windows 8
As part of its Windows Store revelations this week, Microsoft revealed that it will have the technical ability to remove Metro-style apps and their associated data from users' Windows 8-based PCs. And as you might expect, reading that sentence, some people are up in arms over this because, you know, it's Microsoft. But here's the deal. Every modern app store on Earth features this capability, including Apple's App Store, Google's Android Market, and even Amazon's Kindle Store. On Windows 8, it's being done for security reasons, since an errant app could possibly make it through Microsoft's stringent curation process, and one of the things Microsoft is promising with this app store is that users' safety is Job One. Sorry, but this just makes sense.

And it does.

More soon.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.