January 17, 2012, 10:49 AM —
I’m a firm believer that the best camera is the one you have with you, a wise photography adage (and point of pride for iPhone enthusiasts). Likewise, I think the best personal password security should be no more than an arm’s length away, and that’s exactly what Google offered, until early this morning.
I wrote up about half a post last night extolling the virtues of Google’s unnamed security experiment. When you were using a computer other than your own to access Google, on which you might not have 100 percent certainty in the security, you could, instead of logging into Google directly, head to http://accounts.google.com/sesame. That page--note the URL, with its Ali-Baba-derived “Open Sesame” intonation--would show you only a big, blotchy QR code. Your job was to pull out your phone and scan it. Most newer Android phones come with Google Goggles pre-installed, and it’s very fast at finding and translating QR codes. But you could also use a dedicated Barcode Scanner app on Android, or on Apple devices, open up the “Apps” menu and access Goggles on Google’s Search app, or, again, use an iOS barcode scanner.
[ Free download: 3 things Google Apps needs to fix... like, NOW ]
Any which way you scan that splotchy square, it would then open up a page on your mobile device’s browser. You’d probably be logged in there, but if not, you could do so over your mobile data connection, which is likely less vulnerable at that exact time and place. After you verified through your phone, with a flash of impress-your-friends magic, the page with the QR code showing would load either Gmail or Google’s personalized start page, iGoogle. With nearly all of Google’s services offering secure, encrypted connections, you could happily swim about the internet while inside a substantial digital shark cage.