{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

Google has been trialling a new secure login that uses a QR code to verify the user’s identity.

The authentification tool was an experiment to find a new way of securely logging into Gmail on a public computer.

Some users that tried to login on a public computer were asked to scan the QR code using their smartphone, which then directed them to another login page.

After signing in on their phone users were then routed to their Gmail account on the desktop computer.

Google software engineer Dirk Balfanz confirmed the experiment, which has now finished, on Google+ and said a different authentification process was also in the works.

Google only recently launched its 2-step verification process; an optional service that sends the user an additional code to their mobile after they have entered their Gmail username and password.

The QR code verification process works in a similar way as it requires the user to have their mobile phone to be able to login, but it is slightly more advanced since the user must have a smartphone rather than a normal mobile.

Mobile web consultant Terence Eden said the QR experiment is another example of mobile becoming the ‘key’ that unlocks our online world.

Having a separate communications channel also helps prevent man-in-the-middle attacks - your laptop may be on insecure wifi but your phone will be on a secure 3G signal.”

However he said although this trial is being run by Google, it is unlikely to be the catalyst for a wider take-up of QR codes.

I think we will need better education for users before this can take off. It's not very common to use two factor authentication for most people - that's the biggest challenge rather than the specific implementation.”

There have been several high profile uses of QR codes recently – not all of them well planned – but data on the number of scans is rarely published.

A TfL poster campaign achieved 4,500 clicks, roughly 70 per day, since going live in November, but as there are few similar data sets available it is difficult to benchmark against other campaigns.

David Moth

Published 18 January, 2012 by David Moth @ Econsultancy

David Moth is Editor and Head of Social at Econsultancy. You can follow him on Twitter or connect via Google+ and LinkedIn

1682 more posts from this author

Comments (2)

Avatar-blank-50x50

Andrew Liddell, Ecommerce Business MGR at Personal

Interesting that you need a smart phone! Its a security/tracking authentication method that many people will be un aware of.

over 4 years ago

Avatar-blank-50x50

Scott Goldman

ANY form of 2FA is better than none. Google's effort to bring the mainstream into authentication here is laudable but, in my opinion, flawed. This is a convoluted process that requires multiple steps, a smartphone (shockingly, half of all phones in the US are still standard "feature" phones) to read the QR code and some agility to read the code properly.

The flaw is based on the fact that in a battle between security and convenience, convenience wins. If users are forced into multiple steps to complete they'll simply turn that option off or go elsewhere.

A 2FA method that is more secure uses a cell phone and text messaging but displays an alphanumeric code on the web page instead of a QR code and simply has the user text in the code from the cell phone which has been pre-registered and associated with that ID and password. When this approach is taken there is no open field on the web page to be hacked and the cell phone cannot be spoofed due to the UDID requirements and check at the carrier level.

It seems unlikely that any of Google's QR code process is as simple to the user as just sending an SMS from their phone. Simple, fast and less hackable than other available methods.

Finally, while this method is possible for a company with Google's resources it doesn't allow for downward scalability for smaller businesses. Implementation of security measures for SMEs is a hurdle to most methods. There's no conceivable way that Google's method could be transportable to smaller companies with any ease.

Scott Goldman
CEO - TextPower, Inc.

over 4 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.