
Encoding your WiFi access point password into a QR code - edward
https://feeding.cloud.geek.nz/posts/encoding-wifi-access-point-passwords-qr-code/
======
BiteCode_dev
Most ISP put this kind of QR code on the provided "modem" in France with the
default Wifi password of the device.

I love QR code. I think it should be everywhere. All legal documents and forms
should have one. All supermarket bills should have one.

It's a fantastic way to transition from paper to bits.

Unfortunately most users have no idea what it is. They don't know what a URL
is, so a QR code is out of the question.

Plus they don't necessarily have a QR code scanner on their devices: not all
phones have one by default, most laptops definitely don't. Not to mention some
QRcode readers are sometimes just the regular camera app (E.G: modern iOS),
which is very confusing. And even if all that is not a problem, your QRcode
scanner may not be able to understand a particular format or will read the
Wifi code but just display it while it's supposed to save it as a new access
point.

It's definitely not a solved problem.

~~~
matt-attack
Are you not concerned that QR code’s are just completely opaque URLs asking to
be clicked? Do you confidently click on URLs in spam emails? Of course not
since we all know URLs can point to malicious payloads. So why should we love
QR code’s that could just as easily do the same.

If I’m a spammer trying to get people to click on my bogus links in my email
messages, why wouldn’t I also print those same URLs as QR codes and paste them
around my city with creatively enticing titles.

~~~
ctdonath
Do you never click URLs in emails? Of course you do, when you're confident the
sender is reputable.

Parent was referencing trusted contexts: the default password printed on your
wifi router, the bill a cashier just handed you for what you just bought, the
legal papers you just signed, etc. The QR code just links the trusted document
with trustworthy digital versions & extended content.

I'm not worried a spammer is going to get a bogus QR printed on the grocery
store receipt I just received. I'm not going to scan QR codes printed & posted
on subway walls for no apparent reason.

~~~
kohtatsu
I can't imagine a qr code on a receipt being anything but tracker-infested
spam.

~~~
mk89
That's how it currently is in some shops. Amazing how marketers are always
ahead on such technologies.

------
zcw100
I really think manufacturers have really missed out on an opportunity with QR
codes by handing them over to marketing. Most of the early QR codes in the US
were just links to advertising. I'm not going out of my way to scan a QR code
just to be advertised to.

On the other hand it could have been a great way to develop much better
relationships with your customers. As a trivial example, I own a snowblower.
It would be nice if there had been a QR code on the machine that identified
that specific machine. I could have scanned it and immediately registered it
with the manufacturer. Scanning the code could take you to a manufacturer page
for your specific machine, where you could record routine maintenance like oil
changes, get a copy of the manual, and order replacement parts. They could
send you periodic reminders like, "it looks like it's been a while since an
oil change", or "it's getting cold outside. Now's a good time to make sure
everything is in shape".

There is a ton of stuff around the house that I need to record information
about but have to have my own system. If the manufacturer provided a way to do
that they could offer their expertise with the product and a convenient way
for you to record that information. I'd love to have a QR code on the side of
my HVAC system, water heater, filtration system, etc.

------
jopsen
I painted my wifi password as a QR code on 40x40cm canvas..

Painted as in with a brush and paint, it was a bit of work, but now it's both
pragmatic and pretty :)

~~~
jensneuse
Pics or it didn't happen.

~~~
StavrosK
I mean, it's not _that_ hard to believe...

~~~
katnegermis
I think it is a joke-attempt at getting him to reveal his wifi password :)

~~~
StavrosK
I have hereby been whooshed, though in my defense I have a guest-only,
throttled and isolated wifi network so the potential for misuse didn't occur
to me.

~~~
Fnoord
I have exactly the same. I don't want the entire world to use it though, as it
still uses my broadband connection, which contains my external IPv4 address. I
guess I should tunnel it over a VPN instead.

~~~
fastball
Pretty sure only people who know where you live can use your wifi network, and
only then when they are in range - not the entire world.

------
pksadiq
There is a Merge Request to support QR code for hotspot created in GNOME
control center: [https://gitlab.gnome.org/GNOME/gnome-control-
center/merge_re...](https://gitlab.gnome.org/GNOME/gnome-control-
center/merge_requests/644) Hopefully, shall be available in next release

------
t34543
Fun fact: TicketMaster scanners can perform admin functions via QR code,
including “testing” the tone that tells the agent your ticket is valid.

~~~
OkGoDoIt
Ooo, care to share any examples? For… research purposes…

------
ubergesundheit
Combine this with some automatism which changes the password of your guest
WiFi and putting it on a cheap e-ink display.

------
m45t3r
This is interesting, however my main problem with really long Wi-Fi password
are devices that have bad ways to input text. Things like media box using a
remote controller or a video game console using it's controller.

WPS was born to fix this, however the specification is so broken that it is
literally useless from a secure standpoint.

~~~
gruez
Also, there's no need for 63 character passwords. You can get ~128 bits of
entropy with around 22 alphanumeric characters.

~~~
tzs
On some devices it may be easier to enter a long password from a restricted
character set than to enter a shorter password from a richer set.

For example, I've seen TVs that allow using a numeric keypad on the remote for
entering digits in text and password fields, and require use of a clumsy on-
screen keyboard for entering letters or punctuation. The on-screen keyboard is
navigated with the up/down/left/right/ENTER buttons on the remote, and might
have multiple shift states for case and punctuation requiring navigating to
and pressing a shift key whenever the password has adjacent characters that
need different shift states.

On such a TV, I'd rather enter a 39 character all numeric password than a 22
character alphanumeric password. Entering 39 characters on a hardware numeric
keypad is way faster and way less error prone.

~~~
em-bee
if the on-screen keyboard even has all the characters needed.

when we got new internet in our previous home i was forced to change our
password that everyone had already set from previous use, because the new
configuration interface didn't allow spaces. so i used underscores. then
family visited and they had a tablet with a keyboard that didn't have
underscores.

------
asaph
If you choose to put a WiFi password up on a sign as a QR code, _do not_ post
it in view of a window. Passers-by should not be able to connect to your
network from outside your home or office. This advice also applies to plain
text passwords posted on signs.

~~~
hwc
I taped the qrcode to the top of my access point so I don't forget where it
is.

------
sm4rk0
And if you're using DuckDuckGo (and are not concerned about transferring your
WiFi, or whatever data) you can try this query:

qr some text

[https://duckduckgo.com/?q=qr+hi+there&ia=answer](https://duckduckgo.com/?q=qr+hi+there&ia=answer)

~~~
badatseciruty
I use DDG as my daily search engine and didn't know about this. I'm frequently
impressed by all the "extras" that they include.

I think I'll start using this a lot!

------
sirsuki
I do this in our house and it works great. I discovered one flaw though. When
I say scan the QRCode I am immediately told “i don’t knows how” Or asked “the
what?” Or disapproved of with “I hate those things.”

Fun fact no one has ever actually scanned the code... ever! Maybe if I was a
cafe but not for house guests.

~~~
smacktoward
If nobody will use it, does it really work great?

~~~
gundmc
Solutions that work technically but lack adoption is the default state of
software engineering!

------
mentat
The DDG based encoding for the format:
[https://duckduckgo.com/?q=qr+%22WIFI%3AT%3AWPA%3BS%3A%3CSSID...](https://duckduckgo.com/?q=qr+%22WIFI%3AT%3AWPA%3BS%3A%3CSSID%3E%3BP%3A%3CPASSWORD%3E%3B%3B%22)

And Google charts:
[https://chart.googleapis.com/chart?chs=150x150&cht=qr&chl=WI...](https://chart.googleapis.com/chart?chs=150x150&cht=qr&chl=WIFI%3AT%3AWPA%3BS%3A%3CSSID%3E%3BP%3A%3CPASSWORD%3E%3B%3B)

------
jraph
Plasma (KDE) now has a button in its network widget that does just that - show
the QR code for this wifi network.

------
knorker
I have a picture frame in my house with a QR code for the wifi, and also an
NFC badge so you can just lift your phone to it to connect.

NFC stickers cost approximately nothing, and you can program them using an app
on your phone.

~~~
petepete
The ability to write your connection settings to a NFC sticker is also built
right into Android.

------
munkiefish
Once I noticed Android supported QR scanning to connect to WiFi natively, I
started implementing this at my hotels - I wish all businesses did the same.

------
walrus01
Is it only Android 10 that can do this with scanning a qr code, or also v9?

~~~
villuv
Android 9: Camera search icon on Google assistant (long press "home" and
cancel voice command) offers "join network" option for this kind of QR code

~~~
cmurf
I had to install Google Lens first. When I tap join network, the reply is that
I have to manually join the network. This is Android 9, and is an Android One
phone (yes, still on Android 9 and not even a year old).

Update: Actually it works with the build-in Camera. Point to QR, it decodes it
and shows SSID and password, there's a wifi icon button, and pressing that
immediately connects.

------
cpach
Very neat! However, IMHO 63 characters is a bit much for the password.

”If you use lower-case, upper-case, and digits, and if you generate it truly
randomly, then a 16-character password has 95 bits of entropy. That is more
than sufficient.”

Source:
[https://security.stackexchange.com/questions/15653/recommend...](https://security.stackexchange.com/questions/15653/recommend-
length-for-wi-fi-psk)

~~~
oefrha
A 63 character password with ten dictionary words is on average much easier to
type than a 16 character random ASCII printable string, especially on phone
keyboards.

~~~
Aeolun
Not on my switch or home entertainment system though.

~~~
prophesi
The PS4 might be a pain (though I haven't tried the gesture typing feature),
but the Switch has a touchscreen so there's no issue there.

~~~
Aeolun
Fuck me, you are right. I was doing everything with the joycons... Well, there
goes half an hour of retyping.

------
zeeZ
I have an NFC card that contains the connection information with the QR code
and plain text credentials taped to it. Even less devices support that, but
when they do you don't even have to open an app. Just tap and you're in.

~~~
fulldecent2
Which devices support this?

~~~
lashkari
Pretty much any Android device from the past 4-5 years should support
connecting to WiFi via NFC (assuming the device actually supports NFC).

------
luma
This can be helpful on devices which have a display device but no keyboard to
help users connect during first-time setup.

Example:
[https://github.com/aderusha/HASwitchPlate/blob/master/Docume...](https://github.com/aderusha/HASwitchPlate/blob/master/Documentation/01_Arduino_Sketch.md#first-
time-setup)

For this project, on first boot the device creates an AP, then displays a QR
code containing SSID and key (along with text version of the same) that the
user can connect to. Upon connection a captive portal will redirect the user
to the configuration page, allowing the user to select the desired SSD and
configure other essential values.

If you have a phone handy, just scan the display, accept the prompt to
connect, and the next thing you see if the configuration page popping up as
Apple and Android detect it as a login page.

------
CaliforniaKarl
I used this when setting up mesh WiFi for my parents, a few years ago. I set
up a guest network and a main network; the guest network had a fairly-long
password, and the main network had a very-long password, both WPA2-Personal.

I put together a two-page PDF, page size about 4 inches by 6 inches. One side
had the info for the main network; the other side had the info for the guest
network. "the info" included the SSID, the password, and a large QR code.

I then sent the PDF to FedEx, printed on card stock, double-sided, and
laminated, with instructions to cut the excess paper away before laminating.
The result was a nicely-put-together "quick reference" card that my parents
can use for whatever needed. If my parents get a new phone, putting it on WiFi
is as simple as a QR-code scan.

~~~
netsharc
That's such a better solution for guests too, I've visited many friends where
I had to crawl under their desk to see the SSID and password printed on the
back of the router... because they haven't changed the factory settings.

------
jamsinclair
For those concerned about entering your network info into an online qr tool,
some time ago I attempted a minimal JS and transparent site for generating
these codes
([https://github.com/jamsinclair/wifiqr](https://github.com/jamsinclair/wifiqr)).

Or I suppose just use the cli tools, as mentioned, for extra safety...

~~~
madsbuch
Or is it extra safety to use the CLI?

Arguably it is easier to verify that a webapp is not sending the data to a 3rd
party, than it is to verify that the CLI tool doesn't (easy network inspection
from the developer tools).

~~~
Normal_gaussian
Its also very easy to put a webapp into offline mode

~~~
madsbuch
Indeed it is! But we still need to reset the web app entirely after having
used it. Service worker might cache messages.

------
mus1cfl0w
Shameless plug but I wrote
[https://github.com/elsesiy/qrgo](https://github.com/elsesiy/qrgo) which you
don’t even need to install locally, check it out if you’re interested!

------
laurynas-s
This is super helpful for mobile devices.

But it makes rather confusing on how to connect it on an e.g. laptop without
having to scan the QR code with the mobile device first. If the password is
63-char length, typing it wouldn't be 'quick'.

~~~
qwerty456127
There should be a laptop app which can import a QR code picture from a file.
Most of the laptops also have a webcam nowadays, perhaps it could be used too.

------
dombili
I can attest to the usefulness of this. I have a similar thing set up on my
iPhone via the Shortcuts app and it's been quite nice to share my long
password without worrying about the hassle of spelling it out. Here's the
Shortcut, in case anyone wants to try it out:
[https://www.icloud.com/shortcuts/681b4f7b030543b79ab7de6afa3...](https://www.icloud.com/shortcuts/681b4f7b030543b79ab7de6afa3996c2)

~~~
DavidMankin
My (default) “shortcuts security settings do not allow untrusted shortcuts”.

Well that’s surprising and nice.

------
speleding
Instead of installing a package to generate a QR code, you can simply use this
free Google service:

[https://chart.googleapis.com/chart?chs=120x120&cht=qr&chl=WI...](https://chart.googleapis.com/chart?chs=120x120&cht=qr&chl=WIFI:T:WPA;S:SSID;P:PASSWORD;;)

Remember to URL encode the SSID en PASSWORD if you have any characters that
can't go into a URL. (Also, you have to trust Google to not store that URL
anywhere)

~~~
toyg
Yes, let’s give all passwords for wifi networks to the company that
notoriously maps all wifi networks they can find. What could possibly go
wrong...?

~~~
prepend
This happens every time I use android to connect to a WiFi network. Google
stores my info in clear text to them.

~~~
macintux
Thanks for the warning, I had no idea. Note to self: always give temporary
guest passwords to Android users.

------
Reason077
A secure random WiFi password in a QR code is great for Android and iOS, and
the laptops/desktops that can sync their password database with them over
Bluetooth.

But what about all those other random WiFi devices? I don’t relish the thought
of entering 63 characters into my printer’s goofy interface, a games console,
my car, etc...

~~~
abjKT26nO8
Your car connects to WiFi? Oh boy, the security implications...

~~~
MrStonedOne
Every tesla car has a sim card and data connection that is used to connect to
a vpn that high enough level engineers can use to run ssh commands directly on
every tesla car at once or even target certain ones.

You know nothing john snow.

~~~
kevin_thibedeau
California is thankfully neutering that sort of backdoor access.

~~~
Reason077
Really? Neutering it how?

Tesla already has a “Allow remote access” toggle, which defaults to OFF, that
prevents you from connecting to it via the app etc.

(Whether this fully prevents _Tesla_ connecting to it remotely, I’m not so
sure...)

------
ChrisFil
Wifi easyconnect is a very helpful feature that lets you connect to a wifi
network by scanning a QR Code.

Create your Home wifi QR code
[https://modemly.com/qrcode](https://modemly.com/qrcode)

------
qwerty456127
How do I read it then? My Android camera app only lets me copy the encoded
text to the clipboard or share it with another app. What app should I use to
use it to actually connect to the wireless network?

------
arkanciscan
But what if you want to connect something other than a phone to your network?
I have a lot of laptop's that don't run iOS or Android. I guess I'm old
fashioned like that.

------
wil421
The Owlet baby monitor does this. When you need to connect it to WiFi you give
the app the creds and then it generates a QR code. Then you hold it in front
of the camera to scan.

------
marv3lls
Robot barf? [http://peterromich.com/qr-code-robot-
barf/](http://peterromich.com/qr-code-robot-barf/)

------
pimlottc
I so wanted to use this for work, where there is a rotating password scheme,
but unfortunately it doesn’t work on iOS if the hotspot has a captive portal
:/

------
semireg
Another great barcoding library is BWIP-JS at
[https://github.com/metafloor/bwip-js/](https://github.com/metafloor/bwip-js/)

You can immediately generate QR codes from it using this link: [http://bwip-
js.metafloor.com/demo/demo.html](http://bwip-js.metafloor.com/demo/demo.html)

I use BWIP-JS in my electron app. Love it. Super easy and reliable way to
print barcodes on a label printer using nice UI:
[https://label.live](https://label.live)

------
dghughes
I have an old Kindle it would be fun to put the QR code on that.

And maybe somehow a script that rotates the password updating the Kindle.

~~~
ajphdiv
I setup a raspberry pi with a small display showing the weather forecast, next
5 calendar events and a QR code for the WIFI using this:

[https://github.com/TeraTech/MMM-
WiFiPassword](https://github.com/TeraTech/MMM-WiFiPassword)

weather:

[https://github.com/jclarke0000/MMM-
DarkSkyForecast](https://github.com/jclarke0000/MMM-DarkSkyForecast)

Sits on the kitchen counter. Guest password is rotated and the display is
auto-updated.

The raspberrypi is running MagicMirror, but I just have it outputting to a
small display (7"). Looks great.

I use a Ubiquiti wifi AP and it has an API to change the guest password.

------
fulldecent2
When I see it spelled wrong (like in the title of the OP here) my mind
pronounces it "whiffy"

------
Huycfhct
Https://Qr-edit.com

This editor supports wifi qr codes

------
pps43
Extra points for assembling it from Lego.

------
mendelmaleh
Also, NFC is awesome.

------
mswehli
Why would I want to make it EASIER for people coming over to use my WiFi?

~~~
alexchamberlain
You don’t give your WiFi password to everyone that visits?

~~~
Mediterraneo10
I think the OP is making a joke about the fact that some guests who get the
wifi password, may spend all their time looking at their phones instead of
socializing. That happens nowadays when one throws a party or movie night.

~~~
ldiracdelta
This should be as socially unacceptable as picking your nose at a party.

------
MrStonedOne
If you are going to write an article about this on a website with geek in the
domain name, and post it to hacker news, you are going to have to get more
technical than that.

Explaining the "WIFI:T:WPA" bit would have been nice to see.

At the bare minimum a link to an article that explains it would be necessary
to meet the bar.

In the current state this article is a users level how to document, and fails
to met the bar for an article targeted at "hackers".

~~~
jlgaddis
If you are going to comment on threads on a website, how do you know where the
"bar" is?

By reading the "Guidelines" [0], of course!

In fact, the very first item on that page is titled "What to Submit" and
explains exactly where that bar is:

> _On-Topic: Anything that good hackers would find interesting. That includes
> more than hacking and startups. If you had to reduce it to a sentence, the
> answer might be: anything that gratifies one 's intellectual curiosity._

Apparently enough of us found it "interesting" for it to show up on the front
page.

(The time you spent writing your comment would have been better spent banging
your head against the wall -- at least you might have something (a bruise) to
show for it!)

[0]:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
MrStonedOne
Your comment breaks hacker news guidelines.

