Google's QR code log in experiment concluded
Summary: Google's QR code log in method 'experiment' for accessing accounts on public computers appears to have run its course.
Google's QR code experiment seems to have been concluded, with a promise of new security features to come.
The method was similar to Google's two-step log-in process introduced in February 2011. The secure access method requires you to enter your password as well as a unique short code generated by a 'trusted device', such as your smartphone, in order to log-in to your account.
Both the QR code access method and two-step verification system added another layer of security to our personal accounts, but the former method made things easier and quicker -- on the basis you owned a smartphone.
How you were able to do it:
- Go to accounts.google.com/sesame on your computer and you will see a QR code for a particular URL generated by Google.
- Use a QR reader app and scan the QR code on your phone or tablet. Following this, type the username and password of your Google account.
- Now you can click 'Start with Gmail' or 'Start with iGoogle' and the service is ready to go.
The experiment has now been concluded (whether most users knew it was an experiment in the first place is debatable), with a statement replacing the QR code login method:
Hi there -- thanks for your interest in our phone-based login experiment. While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.
Stay tuned for something even better!
Dirk Balfanz, Google Security Team.
If you're logging in on a computer using public Wi-Fi, it is a safer method to use QR code based log-in systems, as the entire exchange can't be recorded, and keylogging is ineffective. You need to be logged in to Google on your phone, but at least in theory this is safer than using an unknown, public computer system.
This may be the reason why Google never announced the log-in method on a public level. Although it wasn't a fullproof method of keeping account details safe, it did come in handy for the short time it existed if you had to rely on public computers. What do you think is coming next?
Image credit: Emmanuel Digiaro/Flickr
Related:
- Gallery: Bizarre QR code use
- QR codes on campus: why don't they work?
- Google fixes offline Gmail app, increases student appeal?
- Google+ updates: Improved stream, photo tagging, sneak previews
- Scribble your email: New feature for Gmail iOS
- Passwords to become fossils by 2017?
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Existing, similar system available for free in open source
The solution is called tiqr and the apps are available for free from the app store. More information, the source code and a demo can be found on https://tiqr.org/
Funny... It seems DigiPass has a similar system available for free too...
"What is MYDIGIPASS.COM?
MYDIGIPASS.COM is the place where you can secure the accounts of your favorite websites with VASCO's strong, two-factor authentication technology.
This video shows how you can easily log in to your online accounts with MYDIGIPASS.COM using a QR-Code based on DIGIPASS technology."
Excellent usage of QR Code