According to the blog, Microsoft wanted to improve security in a couple of ways. The first was to build an easier way to sign on to tablet devices. The second was to improve the security while doing that. If you're paranoid about protection, you may also clean your smartphone screen obsessively, lest someone see your "password smudges." Microsoft thought about that. That's why the picture password works.
A picture password is exactly that, a picture of whatever you want. You then "draw" on the picture to unlock your machine. That "drawing" (or collection of gestures) is your password. Poke your dog's face, circle the tree, draw a line between the kite and the grass. So even in the presence of smudges, a would-be hacker wouldn't know in which order the lines, circles and taps were made, or in which direction the circles or lines were drawn.
There's a lot of math in the Building Windows 8 blog post, most of it discussing the statistical chances of someone guessing your password and all the delineation between the different kinds of passwords you can have (alphanumeric, PINs, picture passwords). But the bottom line is this: Unlocking a picture password requires an obscure and specific kind of information, making it much more difficult to crack. You'll still need a regular text password in the event you (or someone else) lock out your picture password with five incorrect tries. It's unclear, however, if you can require both a picture password and the text password together, or can switch manually between letting the picture password stand in for a text password and not.
It's another interesting tidbit that makes me a little bit more excited for Windows 8 tablets to fully hit the scene. Their impact (or lack of impact) on the market will likely shift the way the post-PC world moves. Do you see picture password as a benefit, especially to security VARs implementing wide-scale policies? Chime in and let us know.
Lastly, lest you think picture passwords are nothing more than a cheap gimmick, Microsoft has done some massive number-crunching to show how much more secure gesture-based passwords are. Be sure to take a look -- it's impressive.