Sign Into Your Google Account On Public Computers Without Typing Anything

If you ever want to log into your Google account when you're at a public computer, where you're unsure whether or not there's a keylogger installed, there's now a solution. And it's from Google!

First, point the (insecure) computer's browser at accounts.google.com/sesame. Now pull out your Android or iPhone, and take a shot of the QR code that pops up on screen. This will signal to Google's servers that you're at this terminal and will log you into your Google account without any further typing.

Of course, you're going to have to be logged into your Google account on your phone, but theoretically your phone is secure, while the terminal you're at is not. Also, make sure to log off when you're done!

Google Debuts Secure Password-Free Login via QR Code [Softpedia via Google Plus]

WATCH MORE: Tech News & Life Hacks

Comments

    Good info!

    That's really cool, especially if you have 2factor authentication activated - so easy yet so secure!

    Maybe I'm missing something here but if you need a smartphone with an Internet connection to process the QR code, doesn't that limit the usefulness of the application?

    Obviously it's easier to type on a public computer with a proper keyboard but if you're that worried about the security, I'd be tempted to just use the smartphone for accessing the Google apps anyway.

      I have to often work with remote PC's, and the only way to send myself stuff in and out and between PC's is through Gmail. This is an awesome solution!

    I'm not sure about this. It would be good if it generated a QR code that forwarded to an app that at least prompted for some input on your handset before logging you in rather than needing no input whatsoever should you already be logged into your Google account. Maybe invoke the Google Authenticator and implement some new functionality here to prompt for your password on your phone prior to logging you in on the computer's browser?

    Seems to me that even though you always had your Google account a little vulnerable should your phone security be bypassed, it's now massively vulnerable as people can log into your account on any computer that they like once they have access to your phone.

    Google Authenticator was a great step forward in bringing two-step security to the masses (and it's great to see people like lastpass now using it), but this decision I'm less sure about.

      A bit of research threw up this: https://tiqr.org/

      This is more like it - prompts for a PIN on the phone before the browser login continues. They should bake this into Google Authenticator.

      Could also do with enable/disable of this for Google Apps administrators.

    I tried it, and as usual for Google, a great proof of concept.

    But as CraigP said, if you have a smartphone with internet access, what's the point?

      Isn't the point obvious: data roaming overseas is hideously expensive. So bearable to do the quick login (a few kilobytes), but nothing more than that.

    Does this work with WP7?

    Hi there - thanks for your interest in our phone-based login experiment.
    While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

    Stay tuned for something even better!

    Dirk Balfanz, Google Security Team.

    Clarification - the above is what you get when you try that site now. You get that message from Dirk Balfanz.

    Dirk himself didn't just post that message to LifeHacker........

Join the discussion!

Trending Stories Right Now