Google Tests Secure Login with QR Codes
Google already offers users several options to help ensure the security of their Gmail account. However, never one to rest on its laurels, the company is testing out another secure log-in option that uses QR codes.
Similar to the two-step verification process that requires your password and a unique code sent to your smartphone, the QR code login requires the use of your smartphone as part of the process. First, users are required to visit https://accounts.google.com/sesame. Upon arrival, you'll be presented with a QR Code. The next step is to scan this code with a QR code reader, such as Google Goggles. Once you do that, your phone will display a special URL. Click this URL on your phone, and you'll be brought to a mobile Google sign-in page. Once you've logged in via your phone, the browser of the computer you're sitting at will automatically redirect to Gmail. Pretty neat, huh?
This is probably most useful for people who find themselves using public computers a lot. However, don't get too excited -- the feature has already been pulled by Google. As soon as knowledge of it began to spread, Google's Dirk Balfanz updated his Google+ to clarify that this was purely experimental and wouldn't last long.
"Looks like people have found the page for an experiment we've been running for phone-based authentication," he said. "Folks - it's just that - an experiment - and will likely go away at some point. We always work on improving authentication, and try out different things every now and then.
"We're working on something that I believe is even better, and when that's ready for a public trial we'll let you know. I'll label that experimental page appropriately when I get a chance so people don't start depending on an unsupported feature..."
Sadly, the feature has been completely removed, not just relabeled. Accounts.google.com/sesame now displays the following message:
Hi there - thanks for your interest in our phone-based login experiment.
While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.
Stay tuned for something even better!
Dirk Balfanz, Google Security Team.
If you didn't get to try it before it was pulled, check the video below for a demo of the feature:
- Facebook CEO Mark Zuckerberg Speaks Out Against SOPA
- Best Buy, Future Shop Accidentally Sold Fake iPad 2s in Canada
- SOPA Drama Creates ESA Rival, the League For Gamers
- Samsung: We Don't Want to Buy RIM BlackBerry
- IPv6 to Finally Go Mainstream in June 2012
- Did Samsung Tease the Galaxy S III Smartphone at CES?
- MPAA Calls SOPA Blackout Day Dangerous and Irresponsible
- Gaikai's David Perry Confirms Upcoming Facebook Launch
- Yahoo Co-Founder Jerry Yang Unexpectedly Resigns
- PlayStation Vita Sales Continue to Plummet in Japan
- A Scorned George Lucas is Retiring from Hollywood
- CyanogenMod 9 Delivers Ice Cream Sandwich to HP TouchPad
- BioWare to Release Mass Effect 3 Demo on Valentine's Day
- AT&T Intros Data Plans With Higher Limits, Higher Prices
- Samsung's New Phones to Go All Day with One Charge
- Apple Announces iBooks 2 with $14.99 Textbooks
- LG Intros Its First LTE Tablet, the Optimus Pad LTE
- Apple Launches New iTunes U App for Remote Learning
- SOPA Doesn't Censor Internet, Says Rep. Lamar Smith
Interesting idea of course. My hacker mind instantly makes me wonder of course how that can be abused and circumvented :-)
I don't see how this is a good idea. Like Freggo, I'm left wondering if all I have to go is get ahold of someones smart phone for a bit. Go to site, scan, enter URL, and I'm into their Gmail acct? Potential for abuse is rather high I would think.
The person that came up with this should receive a double bonus for their ingenuity.
And then be fired because someone was able to hijack it.
I have yet to give them my phone number and never will. Nor do I use a smart phone. Just have no need for one. They need to get off it and go to a pin system if they want numbers.
I can see this system implemented into my banking site, which I use 2-3 times a week. But for email, which I use 2-3 times a day? Seems a bit too time-consuming for what it's worth.
"We always work on improving authentication, and try out different things every now and then."
IT'S NOT A GOOD IDEA TO MAKE EXPERIENCES WITH SECURITY ISSUES
pity goldman sach's CEO's didn't find it and use it, i'm so inspired i thought of 5 ways to exploit it for incredible illegal financial gain in less then the first 3 seconds of reading the paragraph of how it works.
Near Feild Technology is so exploitable it's going to be a mf disaster that can be used to cause a financial meltdown of the world when it hits it's peak if exploited to it's fullest at the right time.