Much is made about information security, particularly for end-users who tend to sign into their accounts on public computers. Google’s giving their users a seemingly genius option for secure login, though. They’ve employed the use of QR codes to make it more safe for those of you who worry about key-loggers or inadequate network security on public networks.
It’s quite simple, actually. Head to this URL on the computer you want to login on. A QR code will be generated. Make sure you’re signed in to your Google account on your phone and scan that code with a QR code scanner on your phone. Google Goggles is a fine choice for those of us on the Android train.
Touch the link that shows up, give Google permission to sign in and voila – onto your emails, RSS items and calendar appointments you go. Sure, it’s a bit more involved than just typing in your username and password but perhaps information security is worth the added time. Give it a whirl just for fun if you want. [via LifeHacker]
That is awesome.
This is like magic!
So if someone scanned your screenshot they would be logged in on your computer now wouldn’t they…..
Huh? They would need your phone.
I’m saying if someone reading this article scanned the QR from the screenshot in the article with their Android phone wouldn’t that verify them and log them in on the article’s author’s computer?
They need a phone that’s already logged into your Google account, i.e., your phone.
I dont think you get it. I’m saying I better not scan this screenshot with my phone or else my phone would log me in to the article’s author’s computer, albeit probably only if he had still had that browser page open.
So people reading this don’t get scan happy with the attached photo or you’ll inadvertantly log yourself into the Phandroid writer’s computer.
But its gone now anyways so w/e
I don’t think it was that simple, but as you say it’s gone now.
@google-d48aa2fe45044fc39fe11fb33d76fbb6:disqus Right but the author would have had access to MY Google account.
1.)The author visited the page, and hes not signed in.
2.)He took a screenshot and posted it to this article.
3.)Now that page is waiting for a phone which is logged in to Google to pair with that randomized QR code.
4.)Say I scan the article’s screenshot with my logged in phone and follow the link it generated.
5.)Now assuming his page was open, wouldn’t I then be logged into my Google account on his browser?
No, they would need your login and password to do that, Because you have to be on your Google account on your phone. And if they already have your credentials, having them log on to your account through this site is the least of your worries
0.o Errrrr.. They took it down.
Hi there – thanks for your interest in our phone-based login experiment.
While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.
Stay tuned for something even better!
Dirk Balfanz, Google Security Team.
oops, didn’t see this update before i posted. still a bummer :)
it has been removed! bummer!
“Hi there – thanks for your interest in our phone-based login experiment.While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.Stay tuned for something even better!Dirk Balfanz, Google Security Team.”