Categories
Google Security

Google Open Sesame

Google quietly put up a new login method via QR code. Essentially, the way it works is that you view a QR code on a computer or tablet, then use your smartphone to open the QR code and log in via your browser. That process remotely validates the session, and that computer can then access your account until you log out, essentially eliminating the need to enter a password on that computer.

Presumably the idea is to work around keyloggers that may record passwords. However, if you don’t trust a computer enough to use a password, do you really trust that it’s not watching everything you are doing? If the computer hardware or software is compromised, not even SSL will save you. This might be better, but I’d think it’s only marginally so. I personally just make a rule of not using computers I don’t trust. Given I have a smartphone in my pocket, this is pretty easy to live by these days. Given computers are getting smaller and cheaper, I question if encouraging the use of shady terminals is worthwhile.

Regardless, pretty innovative and clever.
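
The flow and the caveat described above, sketched as a toy server model. This is an added example, not Google's implementation or code from the original post; the class and method names, the 120-second QR lifetime and the sample account are all assumptions. It shows that the password never passes through the computer, yet the computer still ends up holding a live session cookie until logout.

```python
import hmac
import secrets

class QrLoginServer:
    """Toy model of a QR login service (assumed design, not Google's)."""
    TTL = 120  # seconds a displayed QR code stays valid (assumed value)
    def __init__(self, users):
        self.users = users    # user -> password (constructed sample data)
        self.pending = {}     # nonce -> [expiry, approved user or None]
        self.sessions = {}    # session cookie -> user

    def start(self, now):
        # Computer requests a QR code; it encodes only a random one-time nonce.
        nonce = secrets.token_urlsafe(16)
        self.pending[nonce] = [now + self.TTL, None]
        return nonce

    def approve(self, nonce, user, password, now):
        # Runs on the phone: the password is checked here, never on the computer.
        entry = self.pending.get(nonce)
        good = hmac.compare_digest(self.users.get(user, ""), password)
        if entry is None or now > entry[0] or not good:
            return False
        entry[1] = user
        return True

    def poll(self, nonce, now):
        # Computer polls; an approved nonce is consumed and becomes a cookie.
        expiry, user = self.pending.get(nonce, (0, None))
        if user is None or now > expiry:
            return None
        del self.pending[nonce]
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = user
        return cookie

    def logout(self, cookie):
        # Returns the user whose session was ended, or None if it was not live.
        return self.sessions.pop(cookie, None)

def demo():
    srv = QrLoginServer({"alice": "correct horse"})  # constructed account
    seen = [srv.start(now=0)]              # everything the computer handles
    srv.approve(seen[0], "alice", "correct horse", now=5)   # done on the phone
    seen.append(srv.poll(seen[0], now=6))  # computer now holds a live cookie
    replay = srv.poll(seen[0], now=7)      # nonce is single-use
    late = srv.approve(srv.start(now=0), "alice", "correct horse", now=500)
    live = srv.logout(seen[1])             # session was usable until logout
    return {"password_seen": "correct horse" in seen, "replay": replay,
            "late": late, "live_user": live, "after": srv.sessions.get(seen[1])}
```

Calling `demo()` returns the observations as a dict: the keylogger case is covered because the password is absent from what the computer handled, while `live_user` shows the session itself was in the computer's hands the whole time.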

Categories
Internet Security

AOL and OpenID

So AOL uses OpenID. What’s pretty cool is that it adds 63 million OpenIDs thanks to AOL’s large user base (according to AOL). They also said:

We don’t yet accept OpenID identities within our products as a relying party, but we’re actively working on it. That roll-out is likely to be gradual.

OpenID is designed so that you can use a provider to store your data, and authenticate to any OpenID-enabled service using your own provider. The beauty of this is that unlike other unified login schemes, this one doesn’t form some sort of monopoly. I decided to take a look and see how far they’ve come. AOL’s rather long-standing login page (which really hasn’t changed much since the AOL/Netscape authentication merge happened years ago) has finally been updated. The biggest change is the presence of prefs to allow you to choose what method of login you wish to use. I decided to try OpenID, and used mine. The results I guess aren’t so unexpected:

[Image: AOL OpenID]

Interestingly, Netscape.com does support OpenID just fine.

OpenID is a really sweet system. Hopefully it will take off and do well. Hopefully there won’t be bias as to who accepts who as a provider.