X
Tech

Google testing login authentication via QR codes

Instead of entering a Google Account password on public computers that might be infected with keystroke loggers, Google is experimenting with a phone-based authentication scheme.
Written by Ryan Naraine, Contributor
zerodayqrcode.png

Google has quietly tested a new login mechanism for users on public computers -- authentication via QR codes scanned by mobile devices.

The phone-based authentication, spotted by the folks at Hacker News before it was pulled offline by Google, is a variation of the GMail two-step verification scheme.

Codenamed Sesame, the feature is aimed on computer users logging into GMail or other Google accounts on public computers in libraries or coffee shops because of the high risk of spyware/keyloggers on thos machines.

It lets users scan a QR code from a special Google Web page.  The QR code will return a Web page on the user's phone and once that URL is tapped, the desktop browser will automagically redirect to the users's logged-in Google Account without requiring a password.

Google's Dirk Balfanz says it was an experiment that's not yet ready for prime time:

We always work on improving authentication, and try out different things every now and then. We're working on something that I believe is even better, and when that's ready for a public trial we'll let you know.

More discussion on this at Google+.

Editorial standards