[Updated] Open Sesame: Google’s Newest Security Log-In Uses QR Codes

    January 16, 2012

Be you a hyper-vigilant security hound or just a devoted paranoiac, Google has introduced a way in which you can at least alleviate that sensation whenever you log in to your Google account.

In an effort to circumvent keyloggers or even security flaws on public computers, Google’s new log-in doesn’t require you to touch a keyboard at all (at least that’s a little less you’ll have to touch germy keyboards) as it enables a QR code to gain entry to your account. Tentatively (?) titled Sesame, the feature generates a QR code that you scan with your smartphone. By following the URL for Sesame (https://accounts.google.com/sesame), you will be presented with a page that displays only a QR code.

After you scan the QR code, you will be prompted to open a URL via the scanner app. Once you click yes, you will be directed to a webpage in your mobile browser like this:

Once there, you can select whether to open your account in Gmail or iGoogle. Once you select an option on your phone, the screen in which the QR code originally appeared will redirect you to whichever Google page you selected.

I’ve got more than one Google account so, at this time, I’m unsure how Google determined which account of mine I wanted to open but I’m going to assume the decision is based on whatever account I have synced to Google Apps on my phone. Also, you will only have a limited time to scan the QR code with your phone before you’re session will time out. At that point, you’ll have to reload a new QR code.

And just like that, you’re in. It’s the hands-free version of Google log-ins. Now sleep a little better tonight knowing less people might be following your activity.

UPDATE: Well, that was a nasty little tease from the Google hobbitses. As mentioned below by commenter Joe, Google has indeed pulled the QR security code log-in feature. The Sesame page now displays:

Hi there – thanks for your interest in our phone-based login experiment.
While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

Stay tuned for something even better!

Dirk Balfanz, Google Security Team.

Oh well. Thanks for all the fish?