Google has released a new way to securely log into Google accounts on public computers. Using a smartphone, scan the QR code generated at accounts.google.com/sesame. The Google login prompt will appear on your phone, and logging in there will log you into a session on the desktop.
This prevents the user from having to type sensitive login credentials into a public machine, which could be compromised with keylogging software. The new QR code feature is an alternative to Google’s 2-step verification. This generates a unique short code on your mobile, which you must input for each desktop login, using the presence of your phone as a form of identification.
Adoption of QR codes is a slow-growing oddity. The last study we saw indicated that 5% of U.S. adults have scanned the 2D bar codes with their smartphones. QR codes allow us to put hyperlinks anywhere in the real world. We’ve seen some neat use cases, such as a project to put QR links to Wikipedia entries on their corresponding real-world places. But most of the current use of QR codes is in pretty mundane marketing campaigns, and lots of people find them inscrutable.
Google’s use of QR codes as a security feature is much more compelling than a Cheetos ad. Android users can use Google Goggles, and iOS users can use the free Google Search app. If you choose to use sesame to log in to your Google account, PC World has some great security tips.
If you’re logging in on a computer using public Wi-Fi, it’s safer to use the cellular data network on your phone, so packet sniffers can’t catch the whole exchange. Also, make sure the site on the desktop uses a secure HTTPS connection from the real google.com domain, or else you’re on the wrong site, and you shouldn’t enter your account information.
Once again, the QR-based login is available at accounts.google.com/sesame.