Hacker News new | past | comments | ask | show | jobs | submit login
Guest WiFi using a QR code (jgc.org)
408 points by jgrahamc on July 12, 2022 | hide | past | favorite | 274 comments



It uses the form of:

  WIFI:T:WPA;S:{ssid};P:{password};;
Can generate these on Linux with the qrencode program.

Wikipedia has information on this https://en.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%91F...

Section of the Wikipedia article:

Joining a Wi‑Fi network

By specifying the SSID, encryption type, password/passphrase, and if the SSID is hidden or not, mobile device users can quickly scan and join networks without having to manually enter the data. Note that this technique is valid for specifying only static SSID passwords (i.e. PSK); dynamic user credentials (i.e. Enterprise/802.1x) cannot be encoded in this manner.

The format of the encoded string is:

  WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;H:<true|false|>;
Order of fields does not matter. Special characters """ (quotation mark), ";" (semicolon), "," (comma), ":" (colon) and "\" (backslash) should be escaped with a backslash ("\") as in MECARD encoding. For example, if an SSID were "foo;bar\baz", with quotation marks part of the literal SSID name itself, this would be encoded as: WIFI:S:\"foo\;bar\\baz\";;


> Can generate these on Linux with the qrencode program.

If you're using Network Manager, you can also just run this command!

  nmcli dev wifi show-password
You get the password as text, and a nice in-terminal QR code.


That is actually quite cool. I wonder how many command line tools could take advantage of such a feature. Like, I don't know, upload a file somewhere and show a one-time QR code to transfer that file into your phone or something.


I use QR codes in my DIY VPN script https://GitHub.com/fazalmajid/edgewalker to ease setup of WireGuard and IPsec VPN clients like iPhones.


QRStream (Transfer files and text via successive QR codes) https://f-droid.org/packages/com.github.xloem.qrstream/


There is this app who is doing kinda that https://github.com/sz3/cfc


Recent Plasma Desktop lets you show a network QR code right from the right-click context menu.


I actually lied, if you click the NetworkManager applet in Plasma, there's a direct QR code button visible without having to use the context menu at all.


Wow! Had no clue this was possible! Thank you!


What a weird design. Alphanumeric QR code encoding includes [0-9A-Z $%*+-./:]. So many characters to choose from and they decided to choose ';' ruining the possibility of using compact alphanumeric encoding. Perfectionist inside me is angry!


Especially weird considering SSIDs are allowed to have : and ; in their name. Should have gone with something like $


why couldn't they just use normal URL query param escaping? Always reinventing the wheel, badly.

WIFI:t=wpa&s=My%20Network&p=secret%20word

would have been much better.


Data is expensive in QR land or your resulting QR code becomes larger in size, requiring more physical space to display. URL encoding has a lot of overhead. Also '\' escaping has preceded the existence of URLs. I'm not sure who is doing the reinventing here.


Only encoded characters take up more space and you don't have to escape: quotation mark, semicolon, comma, colon or backslash.

So I think the difference is small. QR codes can contain quite a bit more information than what's needed for WIFI name and password.


In countries that do not use English as the main language, it is fairly common to have non-English SSIDs. URL encoding is incredibly inefficient when encoding those characters.


QR code is not particularly dense (like compared to something like a hard drive) - why waste space that could not be put towards more redundancy (error correction)?


At equal printed sizes, QR codes with less information are much easier/more forgiving to scan.


Can you encode a BSSID (MAC-based) or just the ESSID (assigned name)? The formatting isn't very pleasant I imagine for putting a MAC in with all those backslashes..


You would use "H" for BSSID or a hidden network I assume


Can I also put my networks with Emoji SSIDs into the QR code?


Yes, I've been doing this for years with QR codes for WiFi.

Works for emoji in both the SSID and Password.


This is super cool and would be awesome for situations where your guests are familiar with QR codes. But from my experience the process would go something like this:

Visitor: What's your wifi password?

Me: No password needed! We have a cool QR code you can scan that will auto-join you!

Visitor: Oh cool, how do I use a QR code? Do I need an app?

Me: Nope, just point your camera at it.

Visitor: Like .. .take a picture of it? And then what, do I...

Me: No just point your camera at it.

Visitor: Ok let me try it ... oh cool it's prompting me to join your wifi network? what do I do now

Me: Yes Yes, just proceed, that's what it's for.

Visitor: That's soo cool, thanks.

Vs

Visitor: What's your wifi password?

Me: ShinyTortoise78


"ShinyTortoise78, no spaces, capitalization on the first letter of each word. Seventy Eight is the numbers 7 then 8, not spelt out as a word"

"Uhh English is my 3rd language and I don't know how to spell tortus. is there a QR code I can scan?"


The optimal solution is thus:

"What's your wifi password?"

"It's written right there on the fridge"


"oh, I have to get up from my table, carry my laptop over to your fridge and attempt to type in the password without dropping anything?"

(I have a horrible short term memory and struggle with short phrases)


I have solved this (and a surprising number of similar problems) by pulling out the powerful camera I carry everywhere and taking a picture of the text I would otherwise need to remember.


I have an iPhone 13Pro Max and this solution is cumbersome.

When I walk back to my desk, my phone locks (due to time out or intentional habit of keeping it locked). Then I have to tap buttons to unlock phone, launch the photo app, and find the image I just took. Then I have to spend time later to delete the image.

iOS has OCR on images. I can copy and paste the password from the photo, but still not as efficient as no or simple password, since I must still deal with locking.

Perhaps, this is better on android.


Is Face ID so terrible? I'm still on iPhone 8 with fingerprint reader and unlocking is not something I notice, it's absolutely smooth.


I use FaceID and it works well (even with a mask), but you still have to tap to find the Photos app and then the image you just took.


Open camera (swipe from up side, then swipe from right side), click on latest photo in the corner, swipe if necessary. I very rarely open photos app.


that is exactly my point: lots of tapping, when a simple verbal easy to memorize password is requires no extra typing.


a clay tablet perhaps?


You don’t talk like this when you are invited somewhere? You do ?


I internally think this every time I bring my laptop to a cafe and the barista points at a 'cute' wifi password sign (or bathroom unlock code).


If someone wasn't smart enough to realize they could take the piece of paper off the fridge, I'm not sure they'd be able to operate a computer


Is that an O or a 0?


I would never write something so ambiguous.


Return to monke:

    password123


The password is “1234”?! That’s the kind password an idiot would have on their suitcase!


That's amazing. I've got the same combination on my luggage.


Is that a 0 or a Ø?


My solution to this is that "password" is the literal password of my guest WiFi.


Might as well just open it up at that point.


No way. “password” protects me from the neighbor torrenting movies or Googling bomb recipes or whatever, which is the bulk of the threat model for residential Wi-Fi.


The proprietary Apple way is honestly the best but only works inside their system. You just try to join the wifi network and if the wifi owner has you as a contact they will get a popup requesting permission to the wifi and you tap accept and its done.


To be pedantic, it doesn't require the owner to give permission. It'll get it from anyone else near enough who has it on their device. My kids give away our primary WiFi to their friends with some annoying regularity, even though I keep telling them to scan the QR code on the wall for the guest network.


Why have a non-'guest' network? Force anything secure over a proper VPN E.G. wireguard.


Streaming services block VPNs, many sites like Wikipedia impose restrictions (no editing allowed from a VPN), and geoloc based services act oddly (I live in London and my VPN server is in a London data center, but Google thinks we are in Dubai and G.Apps default to Arabic).


Hadn't really considered that. A bit inconvenient, I don't know that I'd want to VPN inside my own network just to access my servers.


Surely this is desirable while away from home too?


Not sure I could enforce QoS priority on the wireguard traffic. Easier with a non-guest SSID. Is there a huge performance benefit if there's just one SSID running in my airspace?

Also, for the OP, sounds like it's time to put the kids on the guest network.


You can QoS tag by whitelisted mac addresses if it's just priority to known devices generally. At best your router may be able to slightly shape devices on the network (strategically dropped packets). QoS over the air doesn't really work as there's zero control of any devices tying up RF spectrum, and zero ability to defend against DoS attacks (E.G. neighbor trying to stream 4K over wifi).


> sounds like it's time to put the kids on the guest network

I have considered that, for sure.


It definitely asks for permission, and only prompts mutual contacts to begin with, as far as I know.


It asks the sender for permission, which is not the same as asking the WiFi owner. My kids have their friends as contacts, so it happily shares with them.


My wording was probably a bit wrong but there is no concept in wifi of ownership so by owner I meant the person who set it up but not exclusively them, just that they would have it.


Why would a coffee shop owner have me as a contact?


It’s terrible because it means on apple there’s no obvious way to share Wi-Fi settings like on android. Thanks apple for using Wi-Fi to try to do vendor lock in.


How is that lock-in? It's just a feature. It doesn't in any way lock you out of setting up WiFi the old fashioned way.


Okay so how do I find out the wifi password of a network an iOS device is connected to, using that device? On android it’s easy: go to Wi-Fi settings, hit “share”, show QR code.


That's just a normal security feature, passwords are input only. Just because Android lets you read them doesn't make it an ideal choice or any kind of standard. Besides, I don't want my kids to get the password from their devices and then share with their friends.

And how would that constitute lock-in anyway?


iOS 16 allows to look up a saved password.

https://images.macrumors.com/t/3REfPfn3TRhO5oOFqVsyqdR9qcI=/...


I wonder why they didn't just add it in at the beginning, I can't imagine the implementation being that difficult


you are not my father!


Just make your WiFi password simpler


I agree with scenario one but also think you went too simplistic on the second scenario. Even with a simple wifi password like you suggested, you still need to specify the uppercase letters and plenty of people might have trouble spelling tortoise correctly on the first try.

Nevermind the fact that my friends group tends to be about 50% passwords of the type you used and the other 50% of them use a randomly generated one from a pw generator or add enough random capitalization of things like family member names to make it awkward. More often than not, I end up handing them my device to type it themselves.

The QR code seems a much simpler solution once people know how to use them. Thanks to things like electronic menus at restaurants due to Covid more folks than you might realize actually do know what to do. If grandma can learn how to use a QR code to access the high school band concert program online (true story), then anyone can.

Teach a man to fish.


It's fourwordsalluppercase, one word, all lower case. Obviously.



> Teach a man to fish.

I keep teaching my family members to fish, and they keep asking me for fish.


And a boat. And a little island, with a cabin.


I solve this by having a framed piece of paper on my wall:

    GUEST WIFI
    SSID: AAA Guest
    Password: squirrels2


I have a paper like that. With the QR code right below it. The guest decides which they want to use.


When the password is 63 characters long, the QR code becomes a viable alternative to most.


But you could also just put the password in that same frame and then you don't need to specify it. Just like every small coffee shop does with their guest wifi (assuming they don't have a captive portal)


It might be only my bubble (of non-tech-savvy people), but recently I started to use QR code to share my WiFi and there was never such friction you described. I don't do it with a printed out image, but my phone has an option to share the WiFi via QR code. Also, modern phones have a direct button from the WiFi connection screen to directly scan a QR and connect to WiFi... This is a thing... and it's easier to use it as typing `ShinyTortoise78`...


> Also, modern phones have a direct button from the WiFi connection screen to directly scan a QR and connect to WiFi

I recently did this with a few (some more tech-savvy, some less tech-savvy) people and it seemed to blow their mind. I don't know if this is a commonly known feature.


My phone has this feature and now I know about it! :) Never would have noticed the little icon on the wifi settings page without knowing to look for it.


If you’re both using Apple devices it works like this:

Guest: “What’s your wifi network?”

Me: “It’s XXXX”

Guest: selects network

Me: Prompt on my device “Would you like to share your wifi password with Guest” . Selects Yes

Guest: “oh wow I’m connected. Thanks!”

Now that only works if I am present. But it works wonderfully. It should be standardised across platforms.


Okay, now tell me how to prevent Apple from compromising my network security.


Turn off iCloud everything.


It does take sharing out of your control, however, at least to an extent.


How is being prompted taking sharing "out of your control"?

You also need to be physically close to each other and mutual contacts.


vs Whats's your Wifi password?

A: I don't know it's written on the back of the modem.

<finds modem after 10 minutes on top of a dusty cabinet>

<dictates code which is in hexadecimal to someone typing>


Aha... apparently you have met ALL of my relatives who have absolutely no understanding that they could login to the device and change the password to something better.


Some of the rental hardware no longer allow users to login as admin. Some of the ones that do the ISP landlords make a lot claims that leases/monthly fees go up if they think to try. There's a growing disparity between modem/router hardware owners and "this lease seemed like the best deal from the cable/phone company" average users.


I have "business class" service from a provider (Canada - Rogers), which came with a "Clearnet" router/wifi combo that has, LTE failover. (Cradlepoint)

And - of course it was locked for admin - well - not for long, the technican who installed it gave me the password after we chatted for awhile. Admitedly, I cannot change the PW he gave me, and at some point if they remotely update it, it will stop working.


Now they make you manage the very limited subset of router options (essentially SSID and WPA passphrase) from their web portals. Then they push the updated configs to your router via remote management protocols. How many vulnerabilities do those open?


That might have been the case a few years ago (at least here in BC, Canada) but these days virtually every sit-down restaurant I go to has their menu available - often exclusively - via QR code.


Thank COVID for teaching more people how to use the dang camera on their phones as a barcode scanner (by way of many restaurants moving to QR menus)


Vistor: Ok, I took a picture of it. Now what? Do I send it to you?

Me: Is it doing anything? What did you do?

Vistor: No. I pointed my phone at it like you said. Then I took a picture.

Me: What app are you using?

Visitor: The photo app I always use.

Me: Can you be more specific?

Visitor (showing where the icon is): That one. I always use it.

Me: That one sucks. Do you have any others?

Visitor: I don't know. There's photos in the Facebook app. Should I try that?

Me (grabs a piece of paper from the fridge, exasperated): Here. This is my wifi info. Use the 5ghz one. If that doesn't work, try the other one.

Vistor: Oh, ok, whatever. Thanks.


Has this really happened to you? I got the WiFi QR printed and hanged in my living room, and to this day nobody has ever had a problem. QR might seem too techie, but they are so pervasive that everyone knows how to use them.


> but they are so pervasive that everyone knows how to use them.

Nope. I know people first-hand who don't. Hell, even I don't know how the average person does it. My own phone's camera app doesn't detect them so I had to find a random 3rd party app and trust that it's not stealing the info. In fact I'm not sure I've ever used the stock camera app on any phone to scan a QR code before. For some folks it might be "press Camera and scan", but for others it's way harder than it looks.


Wow, people like to shit on Apple, but this is yet another example of something that just works.


I've a QR app because I need advanced options, but just tested that my stock camera app when presented a barcode or a QR read them without any action. It offers to open the link in the browser, to connect to the wifi or to search the numbers of the barcode.

My guests doesn't ask for the WiFi pass, they see the QR hanging and ask "what is this QR for?", "It connects to my WiFi", and they immediately try it (succesfully) out of curiosity, "It's cool, how is it done?". The don't understand the magic behind, but don't need a guide to use it.


Android phones might all do this now for all I know, I have no idea. My phone is a few years old so hard to say.


I'm in an Airbnb and the access point has the same name for 5ghz and 2.4ghz. Apple doesn't let you manually switch. The only way I've found to switch when one is not working is to toggle the wifi on/off fifty times.

I think there must be some sort of crazy interference going on because I can literally be sitting right next to the router and 5ghz has about 5k of bandwidth available.


In my experience, Apple devices tend to connect to whichever seems stronger at the time of connection, and then only ever change to a different AP when the connection gets extremely weak. Or randomly, just to mess with you.


That's unfortunate. I've tried to reset the router but it still loads the old settings. Next time I go back to the US I'm going to bring back mesh routers.


Visitor: what's your wifi password?

Me: it's the entire alphabet in order.

Visitor: I don't want to type 20+ obnoxious letters.

Me: can I interest you in a QR code?


It's remarkable how something as trivial as typing 26 characters is onerous on our glassy slabs, but image processing to resolve a high-resolution two-dimensional barcode in a video stream is easy.


Computers are fast and they usually don't complain when you make them do work.


On the contrary, I've known some that get quite loud.


I think there’s no need to optimize every single human interaction like we do with the machines :)

I don’t mind the little back and forth sometimes. Consequently, in this scenario the knowledge of how to use a QR code will come in handy for your guest.


I just use the automagical p20 Apple WiFi password sharing.


If you run an AirBNB you might not be there when the guest arrives.


before covid, that's completely true. since covid it's flipped the opposite - when every restaurant has a QR code instead of a printed menu, people get used to it quickly.

in the last few months, i've had visitors at events ask why we didn't have a QR code posted because they'd prefer that to typing in the name of our website.


my recommendation would be to also just print out the password below the QR code and people can select the one they recognize.


If you're not tech savvy enough to scan a QR code, do you really NEED to be on my home wifi?


So support both? Just post a paper on the wall with the name/password spelled out, and also a QR code. If people know how to scan then it's fast, if not then they can read+type the old way.


You can always put the password on the same piece of paper as the QR code. So if they don't know how to scan the code, they can type it in, no need for your to spell it either.


It’s not like you’re going to have to answer these questions forever, people won’t be surprised the camera can scan QR codes the fifteenth time they use it.


People in Asia took to QR codes like ducks to water a long time ago, and Covid accelerated adoption in Europe and North America.


Had very similar experiences. Setup QR readers for a convention where users could scan for our website and a text bot... Absolute disaster, on both accounts.


In the suburban/rural southeast US I see lots of QR codes and lots of old people using them. Especially since 2020


I take it your visitors either cook all of their own food at home, or with their inability to use what passes for a restaurant menu these days, they have starved to death by now.


Around here by the time restaurants opened again the menus were back out in force.

In fact, most of the QR codes even at the places that had hem are gone now.


Bit of a self-plug I know, but this reminds me of something I had made a while back (https://github.com/kmanc/wifi_qr). Nice work! Always fun to see others' take on neat projects


Amazing. I literally did this and then decided it was overkill. Almost with the same hardware!


Lol that's awesome

EDIT - I had an idea that I'm currently working through that I like but am a little stuck so taking a break before I revisit. TLDR is to use an ATTINY85 to auto-"type" the password in for folks who bring a laptop and can't scan the QR code. I wrote the Python code to generate the .ino script that would actually do the writing, but I'm having a little bit of trouble getting micronucleus to write the script to the ATTINY without an un/re plug. You can see the WIP on my digispark branch in that repo


Wouldn’t it be easier/maybe more practical to print the password to the e-ink screen as well?

(QR code error correction is usually enough to let you just knock out part of it and put the text right there.)


Maybe! The problem I was trying to solve was that a 30 character password randomly generated is a pain to type out by hand haha. That said I think having the text would be a step in the right direction


Bootstrap it with a shorter password:

1. Have the display show a 5-digit PIN (TOTP or something that changes every minute or few)

2. Let anyone connect to your network, if they go to a browser window it will show the capture portal

3. Enter the 5-digit PIN and press "enter" and the page will show the 30-digit password so the user can copy+paste

4. User pastes password into WiFi screen and logs in

Make sure to rate-limit this endpoint to prevent random PIN attacks.


Yeah that's certainly another solution. I haven't played around much with the captive portal capabilities of my networking gear but maybe I should


Just use diceware; 3-4 randomly selected words is enough entropy but still easy to type.


It took me a second to understand what this does, but wow what a neat project!

Thanks for sharing, this sort of overkill is my favorite kind~ Cheers @koins!


Lol thanks! I strive to bring more nerd-value than real-value :P


I print wifi QR codes on wood signs and on cork coasters for Airbnb/VRBO hosts. It's a good little side business.

https://www.etsy.com/shop/ligninandlight?section_id=28828952


I 3D printed a QR code puck for my house wi-fi. It's an easy demonstration of at-home fabrication that elicits some conversation, without having to hand over a password.


> without having to hand over a password.

I mean, you're still giving them the password, just in machine readable format.


Nice, but I don't like such being forced to be a static PSK.

Instead, could also make an e-paper device for this. Perhaps it would work on badgerOS?


Isn't there qr codes that can automatically update their values? That could work.

Otherwise just buying those picture viewers and setting a qr image would be easiest.


A picture of a QR code will always be the same QR code. There are QR code generators that purport to let you update the value... but they're basically just hosting a link shortener service, giving you a QR code encoding that link, and letting you change where the link redirects to. That wouldn't work with a QR code for wifi, since the QR code does not point to a link, it directly encodes the SSID and password for a wifi network.


Can the http link not be directed to other protocols like FTP, or WIFI:T:WPA;S:{ssid};P:{password};; in this case? I guess this might have some security implication. And, some clients can block such redirection.

I tried with HTML href on my mac. It didn't work. Maybe it'd work on phones.


The dynamic vs static is also one of the criticisms to NFTs. They're just links to dynamic content in a distributed database. The content itself could change any time, or go down. But it looks like it works (there's a word for this: scam).

How would you use a dynamic link like HTTPS URL shortener if you're trying to achieve internet access? You could overcomplicate it with another AP which only works with QR code.

A colleague once painted a QR code, kinda cool its possible and it worked, but its no magic. Its just static content. If you want it to be dynamic, e-ink is perfect for this purpose. It doesn't require electricity, only if you change the content. So if it is say a Raspberry Pi Zero, it could be powered off, and only get powered on when required (even the e-ink screen itself could be detached).

I know they use captive portals a lot for this purpose but I don't see how say WPA2/3 Enterprise could not work for this.


How is your guest going to visit the link when they're not yet connected to the wifi?


I once had an idea to generate "hidden" qr codes in art and photos. Initially I wanted to take a photo of a giraffe and replace one of its spots with a QR code, and hang it in my living room for guests to scan. It turned into this (broken) website: https://www.qraffe.com/. I don't have a lot of time right now to fix it. The pdf rendering is broken. If anyone likes this idea and wants to help with a PR, I'll be mighty appreciative. https://github.com/joeframbach/qraffe


Hmm, after tinkering around a bit, I think according to https://github.com/yWorks/svg2pdf.js/issues/82 , the mask element in the giraffe SVGs is not supported in the PDF converter. It is just dropped, leafing the qraffe rather qr-less.

But I sadly know neither svg enough to think up an alternative approach, or a JS/TS dev enough to see if there are other libraries.


That is likely the issue. The alternative is to use Lambda to render pdfs on the server side, but I wanted to keep this fully on the client side as a static site (to avoid any trust issues with sending your wifi credentials to strangers). I may have to pay up real $$ if I want to do this "right".


Didn't look at your code but I had good results with using dom-to-pdf with converting quite complex svg's to pdf's cliënt site. Though I remember it needed a trivial fix to render pdf's larger than the current viewport. You might want to take a look.


This is so cool!


Someoned posted https://wificard.io/ a while ago... pretty neat


Thanks! This site actually produces attractive output which includes some instructions, as well as the network name and password, something other sites don't offer. It is handy to be able to have the password visible for situations where the QR Code isn't a viable option, like setting up a laptop.


Yeah we use this for our AirBnB, print a page and put it in the guest book. Super convenient and clients like it.


A QR code by itself is completely unreadable to a human. Can't this have the SSID / password too? All too often you see what should be simple textual data wrapped in this obtuse form which only specific machines can read. Text and a QR code can be read by everyone.

See: <https://twitter.com/adambowie/status/1521078234057695233> for context


>Can't this have the SSID/password too?

Already linked by people in this topic https://en.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%91F...

>All too often you see what should be simple textual data wrapped in this obtuse form which only specific machines can read.

>See: <https://twitter.com/adambowie/status/1521078234057695233> for context

This is misuse of QR code; QR codes should be used to encode large data or some other clunky data that is hard for people to process that's why it is easier to look up such data/information with QR code and process/read it digitally. After all you have a camera in your pocket and a preinstalled QR code scanner(at least all new Android phones have). The main use case of QR codes that I see is simply linking you to a website. For example your favorite food brand links you to their website to explore their offering.

>Text and a QR code can be read by everyone.

Yea I agree with you that both plain text and a QR code should be shared so people can use what suits them the best at that particular moment.


Agreed. Where I used to work, IT started replacing the guest wifi (password changes monthly) with QR code instead of printing out the password on a piece of paper. It's really cumbersome when I want to join on my laptop.


I started with this quite a long back, way before a separate Guest Wi-Fi was commonplace and we were OK just sharing the Wi-Fi. My ideology with guest at home was to offer Water and Wi-Fi. Guest were happy when Mobile Phone signals were bad (slow) and costly.

I've forgotten the tool used but I had a QR-Code for the guest Wi-Fi for a very long time. These days, people don't really care as the Internet speed on their phones are pretty fast enough and the cost is very cheap (India).


I switched to guest networks after I accidentally casted a browsing session to the TV with Chrome and a Chromecast plugged into the TV. Luckily nothing sensitive was shown but it could’ve been embarrassing with other (NSFW) content shown. The guest networks are segmented and use their own VLAN


How do guest networks solve this? You switch wifi networks before you want to use Chromecast?


Yes.



Thanks for that, I have some visitors next week and I knew I'd seen that as a feature somewhere (just couldn't find it in the UI)


This weekend I went to my dacha neighbor to ask a wifi password. All I had is a laptop with half-tuned Debian (do not use no smartphones). He gave me that QR and I could not read it because QR is not text. He is not a technician and I did not want to persist in my ask, so the situation ended up with no internets for me :( Please stop using human-unreadable protocols if opposite is possible.


> Please stop using human-unreadable protocols if opposite is possible

how about use both


If you have an integrated webcam there's a nifty package called 'zbar-tools' in debian repos that has a utilty named 'zbarcam' that identifies barcodes from your webcam and outputs them to standard output. Too little too late, I know, but nifty to have in the future.


So just install a program to read qr? Oh wait, I don't have internet.


Of course using Debian you can decode that QR (don't remember how from the top of my head, but I remember decoding my EU COVID-19 certificate. Well, unless you don't even have a digital camera with some data path to your Debian.


Sure a QR code is cool, but it's pointless for getting laptops onto a network and for the most part isn't that the main usecase for needing to get onto someone's 3rd party wifi (eg at an office, airBnB, etc?).

My phone has existing connectivity most of the time and it's rare that I need to connect it to wifi. Or that wifi would be preferable over my own 5G (or LTE) data connection.

Not hating, this is neat, but it seems low value. Certainly printing _only_ a QR code feels sub-optmial as it doesn't cover the laptop usecase.


I find service often poor inside buildings even with a new phone and using Verizon towers, so I always connect to WiFi if it's present.


Hadn't even occurred to me since my phone will hand any WiFi it's connected to off to my computer.


What's your workflow for this?


Step one: use an iPhone and Mac.

Basically, no step two. Putting a password into a WiFi network is an at-most-once thing.


I've done something similar, but didn't like the static passwords. My guest wifi password is the current date, in YYYY-MM-DD format, it's been a great way to keep my guests (mildly) satisfied. The format changes on occasion


Is this automated or do you need to change every time Guests are expected?


This is automated, with a shell script and DDWRT


So guests who stay overnight have to enter a new password after your script runs at 00:01?


For those unaware, this is jgrahamc blog. He’s the CTO of Cloudflare and super active on HN.

https://news.ycombinator.com/user?id=jgrahamc


That's true. Although my blog's random wanderings are somewhat different from my work life.


You can also generate the QR code from an Android phone by going to WiFi settings, and tapping the "Share" from the details view of the network in question (assuming the phone is already connected to that network)


I've started deploying purpose-specific APs that I simply plug and unplug as I see fit.

So, for instance, if I want to use tor, I have an actual tor ap that is normally powered off. I plug in the PoE connection and a bit later I have an SSID that is Tor only.

I also have a "guest users" AP that has no password at all. Plug it in when needed. Unplug when people leave. Shrug.

I use the Ubiquiti frisbee APs that are PoE. Sometimes I insert a "slug"[1] between the switch and the AP which strictly enforces their purpose - like hard locking them to a VPN.

[1] https://john.kozubik.com/pub/NetworkSlug/tip.html


Here's what I do in my home: I've had the same easy-to-type WiFi password (it's a name and a four-digit year) since 2005 and I just tell my guests. It's not even a guest network. It's just my network. Free hugs in my house too.


That seems fine until someone's compromised device joins your network, sniffs for open ports, and starts uploading or ransomware-encrypting your NAS.


Secure the NAS.

I.e., treat the network as an extension of the Internet, that is, assume it's compromised. Since … it basically is, given the crap hardware ISPs foist upon people.


My NAS is more likely to melt down into slag in a house fire. I have offsite backups of critical data.


:)


"Which when scanned with the default camera app on iOS or Android will pop up something similar to this. With one click you're connected to the network."

I have never had an Android phone with the ability to scan QR codes with the "default camera app". The closest I've gotten is taking a picture of the QR code and then going into my pictures and using "Google Lens" to scan the picture for QR codes. Usually I end up downloading a dedicated QR scanner app from the app store, which I have zero confidence will be able to auto-connect me to someone's WiFi.


Both my Pixel phone and Samsung tablet pick up URLs and SSIDs from the QR code using the stock camera app.


My last phone, LG Nexus 5X, couldn't do this. My current phone, Unihertz Jelly 2, also can't do this. Guess I have to buy the "premium" brand Androids for this feature.


You're not missing out. My moto g power (2020) can sometimes manage the feature, but only sometimes. Sometimes it just won't scan with the regular camera and you've got to open a dedicated qr scanner... So you're really better off starting with the dedicated qr scanner... except I have a button on the home screen for the camera and have to dig for the dedicated app.


I have the same model - amazing phone for the price btw. - and have the same intermittent issue. But, I can switch to Lens which will always work - just not as seamlessly.


Well... I'd have preferred to get a phone that can consistently get my attention in silent mode, but otherwise, I've been pretty happy with it.


The Nexus 5X is nearly 7 years old at this point and from a quick Google the Unihertz is advertising the fact that it runs Android 10 (released in 2019) so it's probably to do with the out of date software.


I'm surprised that there isn't the option to jump to the built-in qr code scanner (buried in the Tools app, and not accessible directly) for the custom-button on the Jelly2.


Nice! I put together a single file offline HTML version [1] with a demo [2] using only a CDN-hosted QR library.

[1] https://gist.github.com/ianobermiller/9f17f1022bc75c2228d742... [2] https://bl.ocks.org/ianobermiller/raw/9f17f1022bc75c2228d742...


I've done this for years, quite convenient. I also have an NFC tag with the WiFi which works quicker (no need to open a QR scanner and no need to focus on the image for a sec) but I'm not sure if iOS supports it. I've put the tag behind the wifi "frame" so that you can just tap it instead of scanning it.

Android also has the option to "share" wifi via a QR code from the WiFi settings menu. It is quick and much easier than reading out the password to someone else.


What do you need, to produce (or rather program) nfc tags...? I guess they don't have usb ports, lol.


You can program them via NFC. I use this app https://play.google.com/store/apps/details?id=com.wakdev.wdn... which can do it for free and has lots of neat NFC tools.


Programming NXP NTAG21x tags works on most recent iPhones too. Two apps I successfully used are "NFC Tools" and "NFC TagWriter by NXP". You can also associate the tags with Shortcuts and with automations in Home Assistant.


iOS lets you share wifi passwords with someone else around you if they are trying to connect. I _think_ it uses your AirDrop privacy settings so for most reasonable people it would only work for people in their contact list.


It is a pretty neat feature.

The only thing I don't love about it is, there's very little user feedback. The person requesting just goes to the wifi password prompt and hopefully this generates the notification for one of their contacts.

Nice when it magically works (you go to wifi, and then someone in the room is like "Hey, dcdc123 wants the wifi password" and you are like "yep," and then it's all sorted), annoying when you are intentionally trying to use it with one particular person.

It would be nice if it showed something like "looking for contacts" "found <NAME>" etc etc.


My wife and I travel together full time so we connect to a lot of new networks. Sadly the feature is so buggy it is almost useless to us. Probably one in three tries it just hangs the receiver's UI making it so they cannot cancel, enter password, etc. We avoid using it now.


I print out a sheet with some text (including the network SSID and password) and a QR code to connect to the guest wifi using libre office writer. It has a built in qr code generator. The QR code text for a wifi password is here: https://en.m.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%9....

No need for any special third party tools.


There's also the LaTeX qrcode package, bundled with distributions like TeX Live. Minimal working example reduced from my own template:

  \newcommand*{\SSID}[0]{NETWORK}
  \newcommand*{\PASS}[0]{PASSWORD}
  \documentclass{letter}
  \usepackage{qrcode}
  \begin{document}
  \begin{center}
  \LARGE{``\SSID'' WiFi QR code}
  \qrcode[height=5cm]{WIFI:S:\SSID;T:WPA;P:\PASS;H:false;}
  \end{center}
  \end{document}


I've suggested this to every AirBnB I have stayed in. Sadly I am up to about 75-100 of them and have come across this a grand total of zero times.


It might have to be setup by an Airbnb host but the past few places I've stayed at had the ability to press a button inside the Airbnb app to automatically connect to their WiFi. Definitely saves some of the less tech-savvy hosts from having to figure out how to create a WiFi QR Code and print it out


Idea: make one for each AirBnB you stay in. If you don’t have access to a printer while you’re there email them a PDF.


This right here. I've done the same. It's absurd the level of password hoops at some places. I appreciate the secure password, but when it's hand written in marker and faded it can be quite frustrating.


I had a lot of WiFi QR codes around the house and in the office. People seemed to often just ask for the WiFi password instead of bothering to figure out how to scan the QR code. Maybe things are different post-COVID where QR-code menus became the norm for a while, but in the past people seemed to not really care or understand QR codes.


Making an online wifi QR code generator seems like a nifty way to make a good password dictionary. Just saying.


Wifi QR code generation is built-in within Android: https://www.mysmartprice.com/gear/how-to-scan-wifi-qr-code-o...


For Wi-Fi though? Seems relatively low risk to me. Concerns over password security can be mitigated by those that care by using unique, randomly-generates strings per service.


The random string I use for my IoT devices' wifi password showed up on haveibeenpwned, so some IoT device cared enough about it to leak it.


People are generally less worried about wifi password quality, so perhaps a DB of the general types of passwords people use would be useful for an attacker? (regardless of the ability to defend oneself -- in any dense population area, the attacker only has to find one person with a poor password)


Don't know... Having an intruder in your home wifi seems pretty high risk to me. And I don't even live in a country with high chance to get killed upon a visit by your friendly neighbourhood SWAT team...


The one featured seems fairly legit, I believe it pre-dates the wifi spec.


I made an iOS Shortcut for this so I can ask Siri for the QR code when needed. There's a built in "Generate QR Code" action that can take a text action containing the wifi string.

Only issue is hard coding the password in the shortcut.


I do the same thing, I had some little wooden etched boards made up with the ssid and and password on, then on the back is the qrcode for it.

Super easy to hand to a visitor that can either scan or type in.


I tell guests its a long, complex password (it is, and it is on a separate VLAN where all my IoT resides, too). I then ask them to hand over their device so I can enter the password. There's a trust thing going on there, but this is deliberate as the trust goes both ways (my internet connection). If they don't trust me to fill in my password on their device (they may of course watch me do it), I wouldn't want them on my network. That never happened but I don't run a bnb.


What is the purpose of typing in the password for them? It's not keeping it a secret. Usually the OS lets you see it. For example on macOS they can just search for it Keychain Access, and even though they may not be able to get to it on iOS, the built-in WiFi sharing will bring that password to their Mac for viewing there.

IMO it is just easier to display it on a computer screen in a large-sized text and let them type it in themselves, e.g., the 1Password large type show option.

Seeing separate VLAN being mentioned makes me think you are also have the ability to run a temporary additional WiFi network when guests are over as well. That could just use a rotating password with a memorable word scheme to make it easier to type.


Yes I am aware of that they can read the password (if not in memory).

These friends are not very technical, and the purpose is that I use their device to fill in the complex password. It would take much longer if I were to spell it out, and its likely they would make typos. By handing me their device, its a sense of trust doing so. In return, I give internet access.


Using WiFi hotspots is very much history in Finland. Nearly everyone has unlimited 4G at least and most populated places have coverage.

Using a laptop in a café might still be a use case if you don't want to run your phone hot and drain the battery.

We enjoy the cheapest data rates in Europe and certainly cheaper than in the US. Which is kind of weird because in general price level is everything else but low.


https://www.qr-code-generator.com/

Works for Text Messages too! (=

I made a QR Code for my contact info in a VCard and set it as the home screen of my phone -- when I go to conventions it makes it really easy to connect with people.

There's a lot of cool stuff you can do with QR Codes now. Most of this stuff is 5-10 years old even, but the pandemic really helped educated people to look for QR Codes. Yay, Covid! =P


It would not use that one, it sends the network name and password to a server. This was easy to verify with browser dev tools.

There are QR code generators that are work entirely client-side, I would trust those much more, or just use a native app.


I have a qr code on my wall, with the guest wifi password written below the code and an nfc tag sticked on the back. I think so far most people just typed it


Can confirm this method works surprising well in practice! Most people just get it. I used it with great success to connect people to a WLAN while at sea (and without phone reception / internet to allow googling "what is qr").

That said, it is worth including the password below the QR just in case someone's camera is old or playing up (this happened). I also added an NFC sticker for the tech woke.


Now if only Comcast modems could scan these, I could use this to set the WiFi password (/s), since it forgets every time it is reset (…less /s).

… too bad I'm with a different monopoly ISP now. Their Wifi just drops you if you are on the 5 GHz bands and transmit anywhere remotely near full throttle. So you have to stay on the 2.4 GHz and weep.


Why not buy your own router or access point? Spectrum even let us buy our own modem.


Call me paranoid, but I've taken to not scanning "public" QR codes any longer [1].

[1] https://www.washingtonpost.com/technology/2021/10/07/are-qr-...


There is way too much human interest to that article and way too little substance on the problems. Tl;dr - there’s no security risk unique to QR codes are that aren’t simply present on the Internet at-large.


Yes, but there are security risks unique to QR code menus at pizza joints that aren't present on pizza joint menus at large. The status quo for restaurant menus is printed text.

Also, QR codes obfuscate the request that is being sent.


The link to the article wasn't intended to be the be-all reason... just a general "something to think about here".

There is an inherent security risk... it is trivial, as the OPs article suggests, to print out a QR code, cover an existing public one, and send people to a phishing site. Unless people are being very careful about what sites they are on, they could easily be scammed.


That's a great idea!

Of course, it has potential security issues; but no more than your standard sign in a store or boardroom.


The risk is small if you isolate clients from everything on LAN and limit bandwidth.


I am freaking tired of QR codes. I recently moved to another country (SG) and QR codes are literally used for almost everything now, essentially requiring a phone (and good lighting and a clean camera) to do almost anything. At least once a week I have to idle around waiting for a link to load in order to pay a vendor because scanning a qr-code under a glossy plastic standee is taking too long to read.

I love how developers are all so lovingly inconsistent. On one hand they swear up and down that binary formats are shite and now human-readable formats are the new thing (or at least that was the story a few years back with various markup languages and json) but now, for those stupid fucking idiot users opaque formats that require a functioning camera line of sight clear to a piece of paper are now IN. Minimized urls are too passe, I suppose?

And it's great too, because scammers and hackers are now dropping QR codes on the ground or leaflets, or placing stickers on the QR codes that dot the landscape (like on public info posters or ads put up in HDBs) so poor folks who have learned that the QR code is how you do things now just load up the QR codes without asking. Again, opaque formats are NOT good for many reasons, ease of hacking/social engineering is one reason obvious reason! Of course you can put a sticker on poster on a url but it's easy to recognize the difference between mysite.com/about and something else vs qr code 1 and qr code 2.


What if instead of QR, it was a special human-readable text format that was optimized for image recognition? Like a special font or something.


I suspect that the cameras on low-end phones would struggle with OCR text in suboptimal conditions (low-light or damaged text).

QR codes have redundancy, which makes them resilient in a variety of conditions that plaintext isn't.

Also, you can 'hide' ugly tracking urls in QR codes (e.g. a short-link that lets you count number of scans or update the redirect location).


could just use the torch


That's true, QR code is now being abused where they are not really needed, which is a very bad phenomenon.


A shortened URL is just as opaque for humans as a QR code.

http://bit.ly/gAtJlyc

Would you trust this URL?


Usually, people (who I think pay services like bitly) can use minimized urls with some readable text, not random letters, this is to make the url more readable and visible.

Anyway, for here in Singapore, what I'm talking about generally are government websites, which in SG are plentiful and well used. Things like where to find ART kits or information on GST vouchers or things like that. This is information many people are likely to access via a website, and especially trust given it's a gov website. The government often already have nifty, readable urls already for these links, like gowhere.gov.sg/art and so don't need QR codes.


I trusted using curl to find out it just returns a HTTP 404 page :)


Doesn't look like a 404 to me


Hehe, nice trick!


QR codes should be REVERSED.

ALL vendors should be required to have a camera. I have an app that produces a unique QR code for each transaction.

The VENDOR scans MY QR code and REQUESTS for my to PAY them, showing me my receipt for auth on my device.

The only VENDOR QR-read codes should only be for information about the product, menu etc.

-

I used QR codes on product descriptions that led to the product page and lab testing results for said product onto which the physical size of the product was not large enough for pertinent information -- this was for cannabis product company for which I did some contracting labeling...

The upside of this, is that it ran through bitly and I was able to also, included with the QR scan, the geo-loc of the product scan which allowed me to map out the interest of various products based on the scan and location...

QR codes are FANTASTIC, but implemented so poorly...


So, this is something some apps actually do, just noting, where they scan the payer's QR code, not the vendor. Also, not sure why you are being downvoted.


If you want to 3D Print your QR code, this site generates an STL: https://printer.tools/qrcode2stl/

If you add the key tag, you can hang it on the wall. Works well with a light-color background, and a dark foreground.


Some time ago tried to develop this idea a bit with my friend. Wanted to provide a ready to print layout - https://waflee.app/

Although we ended up using a virtual card more frequently as the printed card is always somewhere far away :)


I've done techie things just because they were fun & cool, so this isn't a criticism.

However, having a phone number not your own (or indeed, any number of less than 7 digits) that you can memorize and tell your guests works just as well. Change it as soon as they leave, bada bing, bada boom, done.


Well, firstly you have to have a password of >=8 chars for WPA. Secondly, having such a short non-complex password is going to easily be crackable with a deauth and 3-way handshake capture attack. Would easily crack on a 5 year old laptop in minutes even w/o GPU.


wow, these hackers sure are clever & patient: they're hanging around outside your house, just waiting for you to have a guest, so they can use your limited-BW guest network where you can log everything they do.

OK, go ahead and set up a QR code. Who said you can't?


I've been doing this ever since I discovered my OnePlus 5T years ago generated a QR code to share WiFi details.

It's more of a cool factor with friends but still pretty convenient. Folks in my age group almost intuitively know how to point a camera / get the results.


I used https://wificard.io/ and put the QR in my living room. It also has the option to include text for people who would like to manually connect. My friends love it.


Even more handy when you're using enterprise auth and just add a user for each guest (that's were I'm eventually going, but first the self hosted stuff gets SSO).

A made-up word also works well and even thwarts a dictionary attack (which is a real issue).


Why does the QR code encode whether the access point is hidden or not? It has the SSID.


You can also do this with NFC tags, though I've had mixed success with iPhones.


Please do not only offer qr codes. Some people might not have (working) cameras.


Or they could just be trying to connect from a laptop! Or a mobile device that doesn't understand how to parse this sort of WIFI connection code. Is this any sort of standard? Do Kindle devices support it?



https://qifi.org will give you text and a QR code in one printable graphic.


Build something like this on my own, renders 4 QR codes when printing it out on your printer: https://wifi.mariouher.com/


A golang project I follow (and use) that generates wifi QR codes from the command line:

https://github.com/reugn/wifiqr


Has anyone gotten bluetooth connections via QR code working? I really miss the time when you could listen to a friend's music in the car just by letting them plug into the aux port.


Anyone using zxing bar code generator [1]? it has a Wifi option.

[1] https://zxing.appspot.com/generator


I did a set of 3D printed QR codes with integrated NFC stickers used as drink coasters for a friend and myself. They're pretty neat and always a talking point.


I solved this by having a framed piece of paper on my wall:

    GUEST WIFI
    SSID: AAA Guest
    Password: squirrels2
I should add a QR code to it. :)



Funny I was just at Bletchley park and one of the exhibits mentions you JGC for contacting Gordon Brown in 2009 about Alan Turing's pardon :)


Nice. The camera app on Windows can scan the code. But the link does not work. Rickrolling was more fun when there was no ads btw.


I do this and it's great. Everyone enjoys scanning it and doesn't have to fiddle with the credential entry.


> Everyone enjoys scanning it

What kind of backwards country do you live in where people _enjoy_ scanning QR codes?


Yup, we've been doing this in our office for guests for quite a while. Works great!


The cross stitch community has been doing this for years! 10/10 craft idea.


Such a cute idea! Definitely wouldn't work when my parents come over though


And then it gets into Facebook and Twitter accidentally shared by your guests


Who asks for wifi in 2022? Everybody has a mobile data plan these days.


Welcome to Germany where your mobile plan is expensive and Limited.

Also: Traffic limits suck


My house is in a mobile phone blackspot - no reception on any network. I tell every guest if they want to receive or make calls they have to join my wifi and enable wifi calling.


I like the idea in the comments, set the WiFi password an NFC tag.


I'd love a CLI version that just produces an image or pdf file


I'm guessing nobody remembers "warchalking".


WARNING: Dad Joke

Admin: Make up a password, make sure your password has at least 8 characters and have capitalize letters.

Blonde: Ok, my password is “MickeyMinniePlutoGoofyDonaldHueyDeweyLouie“


This is cool, and I have done this in the past, but it's worth keeping something in mind:

Make sure the QR code is NOT visible from outside via the windows in your house.


Does it work for WPA3-Personal network?


qifi.org




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: