Updated: Two ways to use a smartphone to log in to Google on a PC

10 Comments

UPDATED. My Google account was briefly hijacked last year, and although nothing major happened as a result, I decided to look into Google’s(s goog) two-step verification process. This adds a second layer of security because it combines “what you know with what you have,” says Google. You know your Google password, of course, but the second step requires the smartphone you have with you. Without the handset, your Google account can’t be accessed if two-step verification is enabled.

On Monday, PC Magazine wrote up one way to log in to your Gmail account on a PC by using a smartphone. It’s a clever and simple method. On the PC, you simply browse to https://accounts.google.com/sesame, where you will see a QR code.

Use a bar-code-scanning app on your Android or iPhone (which is already configured with your Google account credentials) to snap a pic of the code, which is a URL. Browse to the URL on your phone and tap the “Start with Gmail” button or “Start with iGoogle” button, whichever you prefer. Doing so causes the phone to shoot a verification to the PC, which immediately opens up Gmail.

[UPDATE: This method appears to be experimental. The day after this article was published, Google shut down the login service. Clicking the link now shows the following message from Google: “Hi there – thanks for your interest in our phone-based login experiment. While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms. Stay tuned for something even better!”]

I tested the function on my Galaxy Nexus and it worked perfectly. But I was already using a smartphone to verify my Google login with two-step verification. Google actually offers an application called Authenticator for Android, iOS(s aapl) and BlackBerry(s rimm) devices. Instead of calling or texting a verification code to your smartphone, Authenticator creates six-digit verification codes on the fly, without any connectivity required. Each code lasts only 30 seconds, much like a rolling code. Entering the code when prompted during log-in to a Google account provides access.

Although I have been using the Authenticator app for some time, I like the QR code method better. There are no verification codes to manually type; it is a simpler process that still combines “what you know with what you have.” And if you add in passcode security on the phone itself, there is another layer of security with either approach to help out in case you lose your handset.

If you are not familiar with Google’s two-step verification feature, here are the details from the rollout last February, as well as this video to explain how it works.

[youtube=http://www.youtube.com/watch?v=zMabEyrtPRg]

10 Comments

wendell ignacio

I never understood how to get google to send code 2step paswrd. I
Sent request none inbegining it would automaticlly done ??? Then came app specific paswrd. Never explained where I enter the code
Enter in log inter as contact how to identify contact. For next entry
Etc google never explained its detailed procedure android has multiple settings button per feature not all few/ main issue is my statement “these words hurt my eyes”. ovr&ovr I explained got more of translate these letters

Signintogmail

This is a smart attempt but I find the Google authenticator better at the moment.Anyway may Google continue experimenting with new features.That is the purpose of Google Labs after all,features are born and buried here.

Robert

The Google QR code linked in this article no longer works. Apparently, the “experiment” has concluded with no further information.

Kevin C. Tofel

Thanks Robert. That’s a shame, because I liked the implementation! I’ll update the story — and stick with Google’s Authenticator app on my Android and iOS devices. :)

home

OK, now I am really lost.
Does either or both send text messages or not? From reading the first 2 comments it sounds like yes then no!

Kevin C. Tofel

No, neither of the two methods sends or uses text messages. One use a barcode scanner and camera on the phone, while the other is an app that generates a verification code.

MerryMaker846

This is a dead issue. Google botched this so badly. I unplugged it because it BURIED me in text messages. BURIED. Even if you were logged in, you got text after text after text. They’ve got loads of smart folks, this was not a smart way to handle it.

Comments are closed.