Google's QR code log in experiment concluded

Google's QR code log in experiment concluded

Summary: Google's QR code log in method 'experiment' for accessing accounts on public computers appears to have run its course.


Google's QR code experiment seems to have been concluded, with a promise of new security features to come.

The method was similar to Google's two-step log-in process introduced in February 2011. The secure access method requires you to enter your password as well as a unique short code generated by a 'trusted device', such as your smartphone, in order to log-in to your account.

Both the QR code access method and two-step verification system added another layer of security to our personal accounts, but the former method made things easier and quicker -- on the basis you owned a smartphone.

How you were able to do it:

  1. Go to on your computer and you will see a QR code for a particular URL generated by Google.
  2. Use a QR reader app and scan the QR code on your phone or tablet. Following this, type the username and password of your Google account.
  3. Now you can click 'Start with Gmail' or 'Start with iGoogle' and the service is ready to go.

The experiment has now been concluded (whether most users knew it was an experiment in the first place is debatable), with a statement replacing the QR code login method:

Hi there -- thanks for your interest in our phone-based login experiment. While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

Stay tuned for something even better!

Dirk Balfanz, Google Security Team.

If you're logging in on a computer using public Wi-Fi, it is a safer method to use QR code based log-in systems, as the entire exchange can't be recorded, and keylogging is ineffective. You need to be logged in to Google on your phone, but at least in theory this is safer than using an unknown, public computer system.

This may be the reason why Google never announced the log-in method on a public level. Although it wasn't a fullproof method of keeping account details safe, it did come in handy for the short time it existed if you had to rely on public computers. What do you think is coming next?

Image credit: Emmanuel Digiaro/Flickr


Topics: Security, Browser, Collaboration, Google, Hardware, Laptops, Mobility, Tablets, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Existing, similar system available for free in open source

    Earlier this year, Dutch National Research and Education Network SURFnet released a two-factor authentication solution based on apps for iOS and Android and QR codes in open source. This solution differs from Google's in that it's a challenge response based token (like a DigiPass or RSA SecurID).

    The solution is called tiqr and the apps are available for free from the app store. More information, the source code and a demo can be found on
    • Funny... It seems DigiPass has a similar system available for free too...

      Check out this video on Youtube:
      "What is MYDIGIPASS.COM?
      MYDIGIPASS.COM is the place where you can secure the accounts of your favorite websites with VASCO's strong, two-factor authentication technology.
      This video shows how you can easily log in to your online accounts with MYDIGIPASS.COM using a QR-Code based on DIGIPASS technology."
  • Excellent usage of QR Code

    thats an excellent idea to use QR Code for secure logins. QR Codes are really good source for inventions. Also they are very popular in web. And it is quite easy to add QR Code to the website using service like for online QR code generation