SiliconFilter

Google: That QR Login Page is Just an Experiment, “We’re Already Working on Something Better”

/

A nifty little undisclosed Google service made the rounds on the Internet today. By going to a specific website, Google would give you a QR code to scan on your phone and then let you log in to a desktop Gmail session without having to actually type your login credentials on the computer. Google had never announced this service officially. Now it's clear why. According to Google's Dirk Balfanz, a member of the company's security team, this was just an experiment and, says Balfanz, will likely go away at some point.

"We're Already Working on Something Better"

Google is, he says, always working "on improving authentication, and try out different things every now and then. We're working on something that I believe is even better, and when that's ready for a public trial we'll let you know."

Google has now also updated the login page with virtually the same message. As Balfanz notes on Google+, the team doesn't want people to start relying on an unsupported feature.

The web, of course, lit up earlier today when this service first appeared, thanks to a Google+ post by a non-Google programmer who stumbled upon the feature by coincidence. It's not often, after all, that somebody discovers an unannounced Google feature on the public web.

The interest in this service shows, though, that there is clearly a market for this, which will hopefully motivate Google to launch an official product with similar functionality in the near future.

Google smartphone message experiment



10:19 pm


Open Sesame: A Safer Way to Log In To Your Google Accounts

/

Google has introduced an interesting new way for logging into your Google accounts by just scanning a QR code on the screen and without having to actually type your password into a computer. To use this new feature, just head over to https://accounts.google.com/sesame and a QR code will appear on your screen. Scan the barcode on your phone (you can use any app that can read QR codes for this, including the popular RedLaser app on the iPhone or Google's own apps).

This new log-in mechanism will be especially useful when you are using a public computer where you can't be sure that somebody hasn't installed a keylogger or a similar device.

Gmail login phone

The feature was first described by Walter Chang on Google+, though it's possible that this tool has been available for longer.

How it Works

Here is how it works: Google presents you with a one-time use barcode on the screen. You scan the code and your mobile scanner app will recognize that it's a link and take you to your mobile browser. Google will then ask you to type in your password on your phone and to confirm that you really want to log in on the computer, too. Once confirmed, your desktop browser will receive notice from Google that you are good to go and open a Gmail session for you.

Caveats

Now, obviously, as the good folks on HackerNews point out, if you are on a computer you don't fully trust, you can never be 100% sure that whoever installed a keylogger on the machine isn't also doing other nefarious things while you are logged in.

Still, this is definitely safer than just typing your password on a computer that isn't yours and may even add some extra security for those who sometimes have to work on unsecured WiFi networks as well.

Enhanced by Zemanta


10:26 am