A vulnerability with the preview version of Microsoft’s Windows 8 operating system (OS), where it saves a log on password in plain text and allows any user with admin rights to see the password details, has been discovered by a password security vendor.
According to a blog post by a Passcape Software administrator, Picture password and PIN are new sign-in authentication methods in the developer preview of Windows 8 which are designed to avoid the problem of forgotten passwords.
However, the blog urges users to use the authentication methods with caution because the user must first create a Windows 8 acccount with a regular password before switching to PIN or Picture password authentication.
“If a [Windows 8] account is configured for authentication using Picture password or PIN, your original plain-text password is stored in the system, and any user with the administrator privileges can gain access to it,” read the blog post.
Microsoft Australia has been contacted for a response by Computerworld Australia.
Windows 8 is set to go on sale on October 26 this month.
Follow Hamish Barwick on Twitter: @HamishBarwick