Google Open Sesame

Google quietly put up a new login method via QR code. Essentially the way it works is you view the QR code viewed on a computer or tablet. Then use your smartphone to open the QR code and login via your browser. That process remotely validates the session and that computer can then access your account until you logout. Essentially eliminating the need to enter a password on that computer.

Presumably the idea is to work around keyloggers that may record passwords. However, if you don’t trust a computer enough to use a password, do you really trust that it’s not watching everything you are doing? If the computer hardware or software is compromised not even SSL will save you. This might be better, but I’d think it’s only marginally so. I personally just make a rule of not using computers I don’t trust. Given I have a smartphone in my pocket, this is pretty easy to live by these days. Given computers are getting smaller and cheaper, I question if encouraging the use of shady terminals is worthwhile.

Regardless, pretty innovative and clever.

Leave a Reply

Your email address will not be published. Required fields are marked *