UPDATED. My Google account was briefly hijacked last year, and although nothing major happened as a result, I decided to look into Google’s(s goog) two-step verification process. This adds a second layer of security because it combines “what you know with what you have,” says Google. You know your Google password, of course, but the second step requires the smartphone you have with you. Without the handset, your Google account can’t be accessed if two-step verification is enabled.
On Monday, PC Magazine wrote up one way to log in to your Gmail account on a PC by using a smartphone. It’s a clever and simple method. On the PC, you simply browse to https://accounts.google.com/sesame, where you will see a QR code.
Use a bar-code-scanning app on your Android or iPhone (which is already configured with your Google account credentials) to snap a pic of the code, which is a URL. Browse to the URL on your phone and tap the “Start with Gmail” button or “Start with iGoogle” button, whichever you prefer. Doing so causes the phone to shoot a verification to the PC, which immediately opens up Gmail.
[UPDATE: This method appears to be experimental. The day after this article was published, Google shut down the login service. Clicking the link now shows the following message from Google: “Hi there – thanks for your interest in our phone-based login experiment. While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms. Stay tuned for something even better!”]
I tested the function on my Galaxy Nexus and it worked perfectly. But I was already using a smartphone to verify my Google login with two-step verification. Google actually offers an application called Authenticator for Android, iOS(s aapl) and BlackBerry(s rimm) devices. Instead of calling or texting a verification code to your smartphone, Authenticator creates six-digit verification codes on the fly, without any connectivity required. Each code lasts only 30 seconds, much like a rolling code. Entering the code when prompted during log-in to a Google account provides access.
Although I have been using the Authenticator app for some time, I like the QR code method better. There are no verification codes to manually type; it is a simpler process that still combines “what you know with what you have.” And if you add in passcode security on the phone itself, there is another layer of security with either approach to help out in case you lose your handset.
If you are not familiar with Google’s two-step verification feature, here are the details from the rollout last February, as well as this video to explain how it works.