Google Security Part 2 – Open Sesame – Look ma, no hands login

In my Google 2 step authentication article, I covered extra security you could place on your Google account (come on, you’ve all implemented it now haven’t you ? :) ), but key-loggers can still get your username and password when logging onto a public unsecured computer, and the less information you give away the better. While it’s still only experimental, Google seems to be working on a solution:

  1. Point the unsecure terminal’s web browser to accounts.google.com/sesame and you’ll see a QR Code.
  2. Scan the on screen code on your phone
  3. Your phone’s browser will ask you to verify your Google account and password
  4. Once verified, the unsecure terminals browser will automatically redirect you either to Gmail or iGoogle ( your choice ).
This allows Google login with NO keystrokes on the unsecure terminal.
The QR Codes are only valid for a short amount of time, and you do need a smartphone with internet access and the ability to read QR Codes. It’s all pretty cool :)
This was an experimental project by Google and the actual project ended about 1 hour after I finished writing this post. :( Rather than having wasted my time, I thought I’d leave this here as an indication of the sort of things that Google is coming up with in regards to security around your Google account ( hopefully Julie lets this post through ). I’ll keep things up to date if it or similar comes back again. For those that are interested about security around their Google accounts there was a great article in The Atlantic a while ago called Hack!. Well worth a read when you have a spare moment.  This is exactly the same scam used with my friends Hotmail account in the my first article.

Oh and please whenever you make use of any public terminal make sure you log off and take your tinfoil hat with you before you leave.  :)

Posted in: News

{ 0 comments… add one }

Leave a Comment