In association with heise online

17 January 2012, 11:13

Google briefly experiments with Sesame phone-based login

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Using the new login service in an internet café involved typing your access credentials into your smartphone

During what appears to have been a brief experiment, under the URL, Google offered users a new means of logging into their accounts. Going by the name of Sesame, the new procedure allowed users to access Google services without having to enter their password. This provides protection against threats such as keyloggers on public computers.

On accessing the Sesame web site, a QR code is displayed, which the user then scans using his or her smartphone. QR reader apps are available for most mobile operating systems. A login page is then displayed on the smartphone, which the user then uses to log into his or her account. Once the user has logged in, the potentially non-secure computer then automatically displays the requested Google site.

While available, tests by heise Security, The H's associates in Germany, found that Google Sesame worked perfectly on both iPhone and Android smartphones. The Google session is terminated when the user closes the browser window.

The site has now been replaced with a message thanking users for their interest "in our phone-based login experiment" and asking them to "Stay tuned for something even better!" Dirk Balfanz of the Google Security Team said on Google+ that it was an experimental feature which had been discovered by some users.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit