January 16, 2012

Google Account Authentication Using Your Phone

How do you login to your Google account on a computer you don't trust? When you type your username and password, a keylogger could capture them and save them. If you have a phone or a tablet with you, there's a better way:

1. Just go to accounts.google.com/sesame on your computer (Open Sesame helps you remember the address) and you'll see a QR code for a special URL generated by Google.

2. Use a QR reader app like QR Reader for iPhone, Barcode Scanner for Android, Google Goggles, Google Shopper or Google Search for iOS. Scan the QR code on your phone or tablet and type the username and password of your Google account.

3. Now you can click "Start with Gmail" or "Start with iGoogle" and the corresponding service will automatically load in the desktop browser. Obviously, you can use any other Google service.



Update: Apparently, it was just an experiment and it no longer works. "Thanks for your interest in our phone-based login experiment. While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms. Stay tuned for something even better," says Dirk Balfanz from the Google Security Team.

{ Thanks, Petros. }

15 comments:

  1. http://goto.google.com/login also works.

    ReplyDelete
  2. Why would you be doing anything on a computer you don't trust?

    ReplyDelete
    Replies
    1. If you just need to send a mail which is not secret, you may send it from a cyber cafe but in order to do so you must enter your password which is definitely secret.

      Delete
    2. Any of the following scenarios could constitute a computer you do not trust:
      A student using a campus computer.
      Using a coworker's computer.
      Testing a computer you wish to purchase at a store.
      Testing a computer at a convention.
      A technician, diagnosing a customer's computer in a lab.
      A computer in a cyber cafe or ather public access location.

      Delete
  3. Obviously, Google is of the mindset that the kids will be doing it anyway, might as well make it as safe as possible...

    ReplyDelete
  4. https://accounts.google.com/sesame & http://goto.google.com/login

    gets:

    Hi there - thanks for your interest in our phone-based login experiment.
    While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

    Stay tuned for something even better!

    Dirk Balfanz, Google Security Team.

    ReplyDelete
    Replies
    1. Hi Dirk,

      I have a high tech start up we are investigating one touch log in using mobile phone number as authentication....are you pursuing this technology? and if so, is it worth a conversation?

      kind regards

      nick

      Delete
  5. Yup, it has been taken down.

    ReplyDelete
  6. Why would anyone use public PC if he already has Internet on the phone :)

    ReplyDelete
    Replies
    1. Because he doesn't have a full-sized keyboard or a 50" display on his phone?

      Delete
    2. Because the phone doesn't support Flash.
      Because the user wants to download data to the computer.
      Because the user wants to diagnose or test the computer in some way.
      Because the computer is on a network that the phone can not access which is either faster or has access to data that the user wants to use in conjunction with his/her Google account.
      Because the computer has software, data, peripherals, features or capabilities that the phone can not access (Keyboard, mouse, larger screen, fingerprint identification...).
      Because the phone's battery is near empty, or needs to be reserved.
      Because the user wants to use the computer and doesn't have a phone, but uses a friend's phone (which he trusts) to access a computer (which he doesn't trust).

      Delete
  7. Maybe I will try this service to get more secure in using google services such as gmail.

    ReplyDelete
  8. Wish it still worked.....

    ReplyDelete

Note: Only a member of this blog may post a comment.