Google testing login authentication via QR codes

Summary:Instead of entering a Google Account password on public computers that might be infected with keystroke loggers, Google is experimenting with a phone-based authentication scheme.

Google has quietly tested a new login mechanism for users on public computers -- authentication via QR codes scanned by mobile devices.

The phone-based authentication, spotted by the folks at Hacker News before it was pulled offline by Google, is a variation of the GMail two-step verification scheme.

Codenamed Sesame, the feature is aimed on computer users logging into GMail or other Google accounts on public computers in libraries or coffee shops because of the high risk of spyware/keyloggers on thos machines.

It lets users scan a QR code from a special Google Web page.  The QR code will return a Web page on the user's phone and once that URL is tapped, the desktop browser will automagically redirect to the users's logged-in Google Account without requiring a password.

Google's Dirk Balfanz says it was an experiment that's not yet ready for prime time:

We always work on improving authentication, and try out different things every now and then. We're working on something that I believe is even better, and when that's ready for a public trial we'll let you know.

More discussion on this at Google+.

Topics: Security, Google


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.