i think i may have had a clever idea and it's your job to tell me that the idea is either bullshit (why?) or already in use (where?). here it is:<p>instead of a username/password form the website displays a qr code containing a random string generated by the server. the browser holds connection and is waiting for a response from the server. you scan the code with you smartphone, the app applies some crypto magic to the qr code's data and your login/password stored on your phone, send this information to the server. the server creates a session for the user, associates it with the website displaying the qr code, the browser is informed that login is complete, site reloads, login complete.<p>okay. i think i discovered a problem: why login to a website on a desktop pc if you have a smartphone. perhaps you want to download some dropbox files to the desktop pc, but you don't know your password, or don't trust the pc?!