In my Google 2 step authentication article, I covered extra security you could place on your Google account (come on, youβve all implemented it now havenβt you ? π ), but key-loggers can still get your username and password when logging onto a public unsecured computer, and the less information you give away the better. While itβs still only experimental, Google seems to be working on a solution:
- Point the unsecure terminalβs web browser to accounts.google.com/sesame and youβll see a QR Code.
- Scan the on screen code on your phone
- Your phoneβs browser will ask you to verify your Google account and password
- Once verified, the unsecure terminals browser will automatically redirect you either to Gmail or iGoogle ( your choice ).
This allows Google login with NO keystrokes on the unsecure terminal.
The QR Codes are only valid for a short amount of time, and you do need a smartphone with internet access and the ability to read QR Codes. Itβs all pretty cool π
This was an experimental project by Google and the actual project ended about 1 hour after I finished writing this post. π Rather than having wasted my time, I thought Iβd leave this here as an indication of the sort of things that Google is coming up with in regards to security around your Google account ( hopefully Julie lets this post through ). Iβll keep things up to date if it or similar comes back again. For those that are interested about security around their Google accounts there was a great article in The Atlantic a while ago called Hack!. Well worth a read when you have a spare moment.Β Β This is exactly the same scam used with my friends Hotmail account in the my firstΒ article.
Oh and please whenever you make use of any public terminal make sure you log off and take your tinfoil hat with you before you leave.Β π