Normally I wouldn’t dare log into my Gmail account from a public terminal, but this QR based login from Google is definitely a step in the right direction from a security standpoint.

As first reported by Ian Paul from PC World, you can now securely log into your Gmail account without typing your username or password into a computer.

It works by using your iPhone as the means for authentication instead, and it’s a pretty slick way of staying relatively secure from would be password jackers. Video demonstration inside.

Step 1: To use the service, all you need to do is navigate to on your computer. There, you will be presented with a QR code that will assist you in the login process.

Step 2: Next, load up the Google app on your iPhone, and take a picture of the QR code using the camera option.

Step 3: If you’re already logged into the Google app, it should ask you to “start with Gmail”. Tap that button, and the page with the QR code will be automatically logged into your Gmail account. If you’re not logged into the Google app, it should ask you for your credentials, and afterwards log you in.

This seems like a relatively secure method for logging into your account from a public place. You will still need to keep a few security tips in mind as Paul brings out in his article, but if you use some good security sense, chances are you’ll be okay.

In the end I still wouldn’t recommend making it a regular habit of logging into your accounts from public places, or via free Wi-fi, but if you’re in a pickle, this can give you some peace of mind.

What do you think about logging into your Gmail account this way?

  • what if there isnt any wifi to connect ?

    • Then there won’t be a login …. -_- (Ridiculous question bro)

    • Anonymous

      Then what difference does it make to have it be a QR code or a password? No wifi means you can’t access it any way.
      This question just…. Damn.

  • what if there isnt any wifi to connect ?

  • what if there isnt any wifi to connect ?

  • what if there isnt any wifi to connect ?

  • what if there isnt any wifi to connect ?

  • Nice to know but Ill pass = )

  • jose castro


    Malicious QR codes combined with a permissive reader can put a computer’s contents and user’s privacy at risk. They are easily created and may be affixed over legitimate QR codes.[23] On a smartphone, the reader’s many permissions may allow use of the camera, full internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.[

    Risks include linking to dangerous websites with browser exploits, enabling the microphone/camera/GPS and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions),[27] and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity,[28] and even containing malicious logic themselves such as JavaScript[29] or a virus.[30][31] These actions may occur in the background while the user only sees the reader opening a seemingly harmless webpage.[32]

    • Dan

      yeah I’m gonna pass on this

  • Anonymous

    … nice one 🙂

  • Xavier du Coudray

    I don’t understand the use of it. Wouldn’t one already be logged in to Gmail or anything already since your iPhone keeps your credentials? I can’t see when you’d need this. Am I missing the point? O.o

    • Anonymous

      Ya kinda are missing it. The point of this is that you never typed your password in that public PC where you don’t want your credentials exposed.
      You only took a pic of the QR code at Google’s “Sesame” page and the password part was done on your phone which (as long as it’s not connected to the public network) has no chance of being phished by anyone.
      After you do your thing on your phone, the page on the public PC is reloaded and redirects you to your gmail. No password entered on the computer.

      • Xavier du Coudray

        Well thank you. That makes a lot more sense! :p

  • Anonymous

    I NEVER use a public PC to check my mail. I use my iPhone! This gimmick from Google is useless to anyone with a smatphone.

  • Why sesame?

    • akin to “Open says me”

    • Anonymous

      “Open Sesame” is a magical phrase in the story of “Ali Baba and the Forty Thieves” in One Thousand and One Nights. It opens the mouth of a cave in which forty thieves have hidden a treasure; “Close Sesame” re-seals the cave. (source: wikipedia)

      It’s a reference in that your phone tells the webiste to “open.”

  • Agree! If you have an iPhone you can access your gmail from it, right?

  • Andrew

    I was gonna give it a try but when i click the link above I get this message

    Hi there – thanks for your interest in our phone-based login experiment.

    While we have concluded this particular experiment, we constantly experiment with new and more secure authentication mechanisms.

    Stay tuned for something even better!

    Dirk Balfanz, Google Security Team.


  • Chaotic Buddhist

    It sounds… useless…

  • Chaotic Buddhist

    Because, really, if you already have your iPhone with you, guess what you can do without needing a public terminal? Yeah, check Gmail.

  • everyone who thinks this is non-sense:
    this is useful, like with employees that think the mac/pc they are using has keylogger or whatever.
    if you have smartphone with you, can you open all types of file formats on your stupid phones? or like someone attached a excel file on your email and you want to edit it on the mac/pc that is not yours. there are lot of scenarios that you can take advantage of this kind of idea of security.

    think positive, not toooooo much negative.


    • Anonymous

      How often do you think you are going to be in situations like that? and if it is often, then buy yourself a laptop. Besides, you don’t need this stupid, silly, useless but cool gimmick to open/read/edit different types of files in your iOS device. There are apps for this in the Apple Store, apps like: Files Lite, Good Reader, Stanza, Document To Go Premium – Office Suite, etc. plus the ones from Cydia.
      This gimmick is so bad that Google took it out after just ONE week of public testing, so go figure.