By specifying the SSID, encryption type, password/passphrase, and if the SSID is hidden or not, mobile device users can quickly scan and join networks without having to manually enter the data. Note that this technique is valid for specifying only static SSID passwords (i.e. PSK); dynamic user credentials (i.e. Enterprise/802.1x) cannot be encoded in this manner.
Order of fields does not matter. Special characters """ (quotation mark), ";" (semicolon), "," (comma), ":" (colon) and "\" (backslash) should be escaped with a backslash ("\") as in MECARD encoding. For example, if an SSID were "foo;bar\baz", with quotation marks part of the literal SSID name itself, this would be encoded as: WIFI:S:\"foo\;bar\\baz\";;
That is actually quite cool. I wonder how many command line tools could take advantage of such a feature. Like, I don't know, upload a file somewhere and show a one-time QR code to transfer that file into your phone or something.
I actually lied, if you click the NetworkManager applet in Plasma, there's a direct QR code button visible without having to use the context menu at all.
What a weird design. Alphanumeric QR code encoding includes [0-9A-Z $%*+-./:]. So many characters to choose from and they decided to choose ';' ruining the possibility of using compact alphanumeric encoding. Perfectionist inside me is angry!
Data is expensive in QR land or your resulting QR code becomes larger in size, requiring more physical space to display. URL encoding has a lot of overhead. Also '\' escaping has preceded the existence of URLs. I'm not sure who is doing the reinventing here.
In countries that do not use English as the main language, it is fairly common to have non-English SSIDs. URL encoding is incredibly inefficient when encoding those characters.
QR code is not particularly dense (like compared to something like a hard drive) - why waste space that could not be put towards more redundancy (error correction)?
Can you encode a BSSID (MAC-based) or just the ESSID (assigned name)? The formatting isn't very pleasant I imagine for putting a MAC in with all those backslashes..
This is super cool and would be awesome for situations where your guests are familiar with QR codes. But from my experience the process would go something like this:
Visitor: What's your wifi password?
Me: No password needed! We have a cool QR code you can scan that will auto-join you!
Visitor: Oh cool, how do I use a QR code? Do I need an app?
Me: Nope, just point your camera at it.
Visitor: Like .. .take a picture of it? And then what, do I...
Me: No just point your camera at it.
Visitor: Ok let me try it ... oh cool it's prompting me to join your wifi network? what do I do now
I have solved this (and a surprising number of similar problems) by pulling out the powerful camera I carry everywhere and taking a picture of the text I would otherwise need to remember.
I have an iPhone 13Pro Max and this solution is cumbersome.
When I walk back to my desk, my phone locks (due to time out or intentional habit of keeping it locked). Then I have to tap buttons to unlock phone, launch the photo app, and find the image I just took. Then I have to spend time later to delete the image.
iOS has OCR on images. I can copy and paste the password from the photo, but still not as efficient as no or simple password, since I must still deal with locking.
No way. “password” protects me from the neighbor torrenting movies or Googling bomb recipes or whatever, which is the bulk of the threat model for residential Wi-Fi.
The proprietary Apple way is honestly the best but only works inside their system. You just try to join the wifi network and if the wifi owner has you as a contact they will get a popup requesting permission to the wifi and you tap accept and its done.
To be pedantic, it doesn't require the owner to give permission. It'll get it from anyone else near enough who has it on their device. My kids give away our primary WiFi to their friends with some annoying regularity, even though I keep telling them to scan the QR code on the wall for the guest network.
Streaming services block VPNs, many sites like Wikipedia impose restrictions (no editing allowed from a VPN), and geoloc based services act oddly (I live in London and my VPN server is in a London data center, but Google thinks we are in Dubai and G.Apps default to Arabic).
Not sure I could enforce QoS priority on the wireguard traffic. Easier with a non-guest SSID. Is there a huge performance benefit if there's just one SSID running in my airspace?
Also, for the OP, sounds like it's time to put the kids on the guest network.
You can QoS tag by whitelisted mac addresses if it's just priority to known devices generally. At best your router may be able to slightly shape devices on the network (strategically dropped packets). QoS over the air doesn't really work as there's zero control of any devices tying up RF spectrum, and zero ability to defend against DoS attacks (E.G. neighbor trying to stream 4K over wifi).
It asks the sender for permission, which is not the same as asking the WiFi owner. My kids have their friends as contacts, so it happily shares with them.
My wording was probably a bit wrong but there is no concept in wifi of ownership so by owner I meant the person who set it up but not exclusively them, just that they would have it.
It’s terrible because it means on apple there’s no obvious way to share Wi-Fi settings like on android. Thanks apple for using Wi-Fi to try to do vendor lock in.
Okay so how do I find out the wifi password of a network an iOS device is connected to, using that device? On android it’s easy: go to Wi-Fi settings, hit “share”, show QR code.
That's just a normal security feature, passwords are input only. Just because Android lets you read them doesn't make it an ideal choice or any kind of standard. Besides, I don't want my kids to get the password from their devices and then share with their friends.
I agree with scenario one but also think you went too simplistic on the second scenario. Even with a simple wifi password like you suggested, you still need to specify the uppercase letters and plenty of people might have trouble spelling tortoise correctly on the first try.
Nevermind the fact that my friends group tends to be about 50% passwords of the type you used and the other 50% of them use a randomly generated one from a pw generator or add enough random capitalization of things like family member names to make it awkward. More often than not, I end up handing them my device to type it themselves.
The QR code seems a much simpler solution once people know how to use them. Thanks to things like electronic menus at restaurants due to Covid more folks than you might realize actually do know what to do. If grandma can learn how to use a QR code to access the high school band concert program online (true story), then anyone can.
But you could also just put the password in that same frame and then you don't need to specify it. Just like every small coffee shop does with their guest wifi (assuming they don't have a captive portal)
It might be only my bubble (of non-tech-savvy people), but recently I started to use QR code to share my WiFi and there was never such friction you described. I don't do it with a printed out image, but my phone has an option to share the WiFi via QR code. Also, modern phones have a direct button from the WiFi connection screen to directly scan a QR and connect to WiFi... This is a thing... and it's easier to use it as typing `ShinyTortoise78`...
> Also, modern phones have a direct button from the WiFi connection screen to directly scan a QR and connect to WiFi
I recently did this with a few (some more tech-savvy, some less tech-savvy) people and it seemed to blow their mind. I don't know if this is a commonly known feature.
My phone has this feature and now I know about it! :) Never would have noticed the little icon on the wifi settings page without knowing to look for it.
Aha... apparently you have met ALL of my relatives who have absolutely no understanding that they could login to the device and change the password to something better.
Some of the rental hardware no longer allow users to login as admin. Some of the ones that do the ISP landlords make a lot claims that leases/monthly fees go up if they think to try. There's a growing disparity between modem/router hardware owners and "this lease seemed like the best deal from the cable/phone company" average users.
I have "business class" service from a provider (Canada - Rogers), which came with a "Clearnet" router/wifi combo that has, LTE failover. (Cradlepoint)
And - of course it was locked for admin - well - not for long, the technican who installed it gave me the password after we chatted for awhile. Admitedly, I cannot change the PW he gave me, and at some point if they remotely update it, it will stop working.
Now they make you manage the very limited subset of router options (essentially SSID and WPA passphrase) from their web portals. Then they push the updated configs to your router via remote management protocols. How many vulnerabilities do those open?
That might have been the case a few years ago (at least here in BC, Canada) but these days virtually every sit-down restaurant I go to has their menu available - often exclusively - via QR code.
Has this really happened to you? I got the WiFi QR printed and hanged in my living room, and to this day nobody has ever had a problem. QR might seem too techie, but they are so pervasive that everyone knows how to use them.
> but they are so pervasive that everyone knows how to use them.
Nope. I know people first-hand who don't. Hell, even I don't know how the average person does it. My own phone's camera app doesn't detect them so I had to find a random 3rd party app and trust that it's not stealing the info. In fact I'm not sure I've ever used the stock camera app on any phone to scan a QR code before. For some folks it might be "press Camera and scan", but for others it's way harder than it looks.
I've a QR app because I need advanced options, but just tested that my stock camera app when presented a barcode or a QR read them without any action. It offers to open the link in the browser, to connect to the wifi or to search the numbers of the barcode.
My guests doesn't ask for the WiFi pass, they see the QR hanging and ask "what is this QR for?", "It connects to my WiFi", and they immediately try it (succesfully) out of curiosity, "It's cool, how is it done?". The don't understand the magic behind, but don't need a guide to use it.
I'm in an Airbnb and the access point has the same name for 5ghz and 2.4ghz. Apple doesn't let you manually switch. The only way I've found to switch when one is not working is to toggle the wifi on/off fifty times.
I think there must be some sort of crazy interference going on because I can literally be sitting right next to the router and 5ghz has about 5k of bandwidth available.
In my experience, Apple devices tend to connect to whichever seems stronger at the time of connection, and then only ever change to a different AP when the connection gets extremely weak. Or randomly, just to mess with you.
That's unfortunate. I've tried to reset the router but it still loads the old settings. Next time I go back to the US I'm going to bring back mesh routers.
It's remarkable how something as trivial as typing 26 characters is onerous on our glassy slabs, but image processing to resolve a high-resolution two-dimensional barcode in a video stream is easy.
I think there’s no need to optimize every single human interaction like we do with the machines :)
I don’t mind the little back and forth sometimes. Consequently, in this scenario the knowledge of how to use a QR code will come in handy for your guest.
before covid, that's completely true. since covid it's flipped the opposite - when every restaurant has a QR code instead of a printed menu, people get used to it quickly.
in the last few months, i've had visitors at events ask why we didn't have a QR code posted because they'd prefer that to typing in the name of our website.
So support both? Just post a paper on the wall with the name/password spelled out, and also a QR code. If people know how to scan then it's fast, if not then they can read+type the old way.
You can always put the password on the same piece of paper as the QR code. So if they don't know how to scan the code, they can type it in, no need for your to spell it either.
It’s not like you’re going to have to answer these questions forever, people won’t be surprised the camera can scan QR codes the fifteenth time they use it.
Had very similar experiences. Setup QR readers for a convention where users could scan for our website and a text bot... Absolute disaster, on both accounts.
I take it your visitors either cook all of their own food at home, or with their inability to use what passes for a restaurant menu these days, they have starved to death by now.
Bit of a self-plug I know, but this reminds me of something I had made a while back (https://github.com/kmanc/wifi_qr). Nice work! Always fun to see others' take on neat projects
EDIT - I had an idea that I'm currently working through that I like but am a little stuck so taking a break before I revisit. TLDR is to use an ATTINY85 to auto-"type" the password in for folks who bring a laptop and can't scan the QR code. I wrote the Python code to generate the .ino script that would actually do the writing, but I'm having a little bit of trouble getting micronucleus to write the script to the ATTINY without an un/re plug. You can see the WIP on my digispark branch in that repo
Maybe! The problem I was trying to solve was that a 30 character password randomly generated is a pain to type out by hand haha. That said I think having the text would be a step in the right direction
I 3D printed a QR code puck for my house wi-fi. It's an easy demonstration of at-home fabrication that elicits some conversation, without having to hand over a password.
A picture of a QR code will always be the same QR code. There are QR code generators that purport to let you update the value... but they're basically just hosting a link shortener service, giving you a QR code encoding that link, and letting you change where the link redirects to. That wouldn't work with a QR code for wifi, since the QR code does not point to a link, it directly encodes the SSID and password for a wifi network.
Can the http link not be directed to other protocols like FTP, or WIFI:T:WPA;S:{ssid};P:{password};; in this case? I guess this might have some security implication. And, some clients can block such redirection.
I tried with HTML href on my mac. It didn't work. Maybe it'd work on phones.
The dynamic vs static is also one of the criticisms to NFTs. They're just links to dynamic content in a distributed database. The content itself could change any time, or go down. But it looks like it works (there's a word for this: scam).
How would you use a dynamic link like HTTPS URL shortener if you're trying to achieve internet access? You could overcomplicate it with another AP which only works with QR code.
A colleague once painted a QR code, kinda cool its possible and it worked, but its no magic. Its just static content. If you want it to be dynamic, e-ink is perfect for this purpose. It doesn't require electricity, only if you change the content. So if it is say a Raspberry Pi Zero, it could be powered off, and only get powered on when required (even the e-ink screen itself could be detached).
I know they use captive portals a lot for this purpose but I don't see how say WPA2/3 Enterprise could not work for this.
I once had an idea to generate "hidden" qr codes in art and photos. Initially I wanted to take a photo of a giraffe and replace one of its spots with a QR code, and hang it in my living room for guests to scan. It turned into this (broken) website: https://www.qraffe.com/. I don't have a lot of time right now to fix it. The pdf rendering is broken. If anyone likes this idea and wants to help with a PR, I'll be mighty appreciative. https://github.com/joeframbach/qraffe
Hmm, after tinkering around a bit, I think according to https://github.com/yWorks/svg2pdf.js/issues/82 , the mask element in the giraffe SVGs is not supported in the PDF converter. It is just dropped, leafing the qraffe rather qr-less.
But I sadly know neither svg enough to think up an alternative approach, or a JS/TS dev enough to see if there are other libraries.
That is likely the issue. The alternative is to use Lambda to render pdfs on the server side, but I wanted to keep this fully on the client side as a static site (to avoid any trust issues with sending your wifi credentials to strangers). I may have to pay up real $$ if I want to do this "right".
Didn't look at your code but I had good results with using dom-to-pdf with converting quite complex svg's to pdf's cliënt site. Though I remember it needed a trivial fix to render pdf's larger than the current viewport.
You might want to take a look.
Thanks! This site actually produces attractive output which includes some instructions, as well as the network name and password, something other sites don't offer. It is handy to be able to have the password visible for situations where the QR Code isn't a viable option, like setting up a laptop.
A QR code by itself is completely unreadable to a human. Can't this have the SSID / password too? All too often you see what should be simple textual data wrapped in this obtuse form which only specific machines can read. Text and a QR code can be read by everyone.
This is misuse of QR code; QR codes should be used to encode large data or some other clunky data that is hard for people to process that's why it is easier to look up such data/information with QR code and process/read it digitally. After all you have a camera in your pocket and a preinstalled QR code scanner(at least all new Android phones have). The main use case of QR codes that I see is simply linking you to a website. For example your favorite food brand links you to their website to explore their offering.
>Text and a QR code can be read by everyone.
Yea I agree with you that both plain text and a QR code should be shared so people can use what suits them the best at that particular moment.
Agreed. Where I used to work, IT started replacing the guest wifi (password changes monthly) with QR code instead of printing out the password on a piece of paper. It's really cumbersome when I want to join on my laptop.
I started with this quite a long back, way before a separate Guest Wi-Fi was commonplace and we were OK just sharing the Wi-Fi. My ideology with guest at home was to offer Water and Wi-Fi. Guest were happy when Mobile Phone signals were bad (slow) and costly.
I've forgotten the tool used but I had a QR-Code for the guest Wi-Fi for a very long time. These days, people don't really care as the Internet speed on their phones are pretty fast enough and the cost is very cheap (India).
I switched to guest networks after I accidentally casted a browsing session to the TV with Chrome and a Chromecast plugged into the TV. Luckily nothing sensitive was shown but it could’ve been embarrassing with other (NSFW) content shown. The guest networks are segmented and use their own VLAN
This weekend I went to my dacha neighbor to ask a wifi password. All I had is a laptop with half-tuned Debian (do not use no smartphones). He gave me that QR and I could not read it because QR is not text. He is not a technician and I did not want to persist in my ask, so the situation ended up with no internets for me :( Please stop using human-unreadable protocols if opposite is possible.
If you have an integrated webcam there's a nifty package called 'zbar-tools' in debian repos that has a utilty named 'zbarcam' that identifies barcodes from your webcam and outputs them to standard output. Too little too late, I know, but nifty to have in the future.
Of course using Debian you can decode that QR (don't remember how from the top of my head, but I remember decoding my EU COVID-19 certificate. Well, unless you don't even have a digital camera with some data path to your Debian.
Sure a QR code is cool, but it's pointless for getting laptops onto a network and for the most part isn't that the main usecase for needing to get onto someone's 3rd party wifi (eg at an office, airBnB, etc?).
My phone has existing connectivity most of the time and it's rare that I need to connect it to wifi. Or that wifi would be preferable over my own 5G (or LTE) data connection.
Not hating, this is neat, but it seems low value. Certainly printing _only_ a QR code feels sub-optmial as it doesn't cover the laptop usecase.
I've done something similar, but didn't like the static passwords. My guest wifi password is the current date, in YYYY-MM-DD format, it's been a great way to keep my guests (mildly) satisfied. The format changes on occasion
You can also generate the QR code from an Android phone by going to WiFi settings, and tapping the "Share" from the details view of the network in question (assuming the phone is already connected to that network)
I've started deploying purpose-specific APs that I simply plug and unplug as I see fit.
So, for instance, if I want to use tor, I have an actual tor ap that is normally powered off. I plug in the PoE connection and a bit later I have an SSID that is Tor only.
I also have a "guest users" AP that has no password at all. Plug it in when needed. Unplug when people leave. Shrug.
I use the Ubiquiti frisbee APs that are PoE. Sometimes I insert a "slug"[1] between the switch and the AP which strictly enforces their purpose - like hard locking them to a VPN.
Here's what I do in my home: I've had the same easy-to-type WiFi password (it's a name and a four-digit year) since 2005 and I just tell my guests. It's not even a guest network. It's just my network. Free hugs in my house too.
I.e., treat the network as an extension of the Internet, that is, assume it's compromised. Since … it basically is, given the crap hardware ISPs foist upon people.
"Which when scanned with the default camera app on iOS or Android will pop up something similar to this. With one click you're connected to the network."
I have never had an Android phone with the ability to scan QR codes with the "default camera app". The closest I've gotten is taking a picture of the QR code and then going into my pictures and using "Google Lens" to scan the picture for QR codes. Usually I end up downloading a dedicated QR scanner app from the app store, which I have zero confidence will be able to auto-connect me to someone's WiFi.
My last phone, LG Nexus 5X, couldn't do this. My current phone, Unihertz Jelly 2, also can't do this. Guess I have to buy the "premium" brand Androids for this feature.
You're not missing out. My moto g power (2020) can sometimes manage the feature, but only sometimes. Sometimes it just won't scan with the regular camera and you've got to open a dedicated qr scanner... So you're really better off starting with the dedicated qr scanner... except I have a button on the home screen for the camera and have to dig for the dedicated app.
I have the same model - amazing phone for the price btw. - and have the same intermittent issue. But, I can switch to Lens which will always work - just not as seamlessly.
The Nexus 5X is nearly 7 years old at this point and from a quick Google the Unihertz is advertising the fact that it runs Android 10 (released in 2019) so it's probably to do with the out of date software.
I'm surprised that there isn't the option to jump to the built-in qr code scanner (buried in the Tools app, and not accessible directly) for the custom-button on the Jelly2.
I've done this for years, quite convenient. I also have an NFC tag with the WiFi which works quicker (no need to open a QR scanner and no need to focus on the image for a sec) but I'm not sure if iOS supports it. I've put the tag behind the wifi "frame" so that you can just tap it instead of scanning it.
Android also has the option to "share" wifi via a QR code from the WiFi settings menu. It is quick and much easier than reading out the password to someone else.
Programming NXP NTAG21x tags works on most recent iPhones too. Two apps I successfully used are "NFC Tools" and "NFC TagWriter by NXP". You can also associate the tags with Shortcuts and with automations in Home Assistant.
iOS lets you share wifi passwords with someone else around you if they are trying to connect. I _think_ it uses your AirDrop privacy settings so for most reasonable people it would only work for people in their contact list.
The only thing I don't love about it is, there's very little user feedback. The person requesting just goes to the wifi password prompt and hopefully this generates the notification for one of their contacts.
Nice when it magically works (you go to wifi, and then someone in the room is like "Hey, dcdc123 wants the wifi password" and you are like "yep," and then it's all sorted), annoying when you are intentionally trying to use it with one particular person.
It would be nice if it showed something like "looking for contacts" "found <NAME>" etc etc.
My wife and I travel together full time so we connect to a lot of new networks. Sadly the feature is so buggy it is almost useless to us. Probably one in three tries it just hangs the receiver's UI making it so they cannot cancel, enter password, etc. We avoid using it now.
I print out a sheet with some text (including the network SSID and password) and a QR code to connect to the guest wifi using libre office writer. It has a built in qr code generator. The QR code text for a wifi password is here: https://en.m.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%9....
It might have to be setup by an Airbnb host but the past few places I've stayed at had the ability to press a button inside the Airbnb app to automatically connect to their WiFi. Definitely saves some of the less tech-savvy hosts from having to figure out how to create a WiFi QR Code and print it out
This right here. I've done the same. It's absurd the level of password hoops at some places. I appreciate the secure password, but when it's hand written in marker and faded it can be quite frustrating.
I had a lot of WiFi QR codes around the house and in the office. People seemed to often just ask for the WiFi password instead of bothering to figure out how to scan the QR code. Maybe things are different post-COVID where QR-code menus became the norm for a while, but in the past people seemed to not really care or understand QR codes.
For Wi-Fi though? Seems relatively low risk to me. Concerns over password security can be mitigated by those that care by using unique, randomly-generates strings per service.
People are generally less worried about wifi password quality, so perhaps a DB of the general types of passwords people use would be useful for an attacker? (regardless of the ability to defend oneself -- in any dense population area, the attacker only has to find one person with a poor password)
Don't know... Having an intruder in your home wifi seems pretty high risk to me. And I don't even live in a country with high chance to get killed upon a visit by your friendly neighbourhood SWAT team...
I made an iOS Shortcut for this so I can ask Siri for the QR code when needed.
There's a built in "Generate QR Code" action that can take a text action containing the wifi string.
Only issue is hard coding the password in the shortcut.
I tell guests its a long, complex password (it is, and it is on a separate VLAN where all my IoT resides, too). I then ask them to hand over their device so I can enter the password. There's a trust thing going on there, but this is deliberate as the trust goes both ways (my internet connection). If they don't trust me to fill in my password on their device (they may of course watch me do it), I wouldn't want them on my network. That never happened but I don't run a bnb.
What is the purpose of typing in the password for them? It's not keeping it a secret. Usually the OS lets you see it. For example on macOS they can just search for it Keychain Access, and even though they may not be able to get to it on iOS, the built-in WiFi sharing will bring that password to their Mac for viewing there.
IMO it is just easier to display it on a computer screen in a large-sized text and let them type it in themselves, e.g., the 1Password large type show option.
Seeing separate VLAN being mentioned makes me think you are also have the ability to run a temporary additional WiFi network when guests are over as well. That could just use a rotating password with a memorable word scheme to make it easier to type.
Yes I am aware of that they can read the password (if not in memory).
These friends are not very technical, and the purpose is that I use their device to fill in the complex password. It would take much longer if I were to spell it out, and its likely they would make typos. By handing me their device, its a sense of trust doing so. In return, I give internet access.
Using WiFi hotspots is very much history in Finland. Nearly everyone has unlimited 4G at least and most populated places have coverage.
Using a laptop in a café might still be a use case if you don't want to run your phone hot and drain the battery.
We enjoy the cheapest data rates in Europe and certainly cheaper than in the US. Which is kind of weird because in general price level is everything else but low.
I made a QR Code for my contact info in a VCard and set it as the home screen of my phone -- when I go to conventions it makes it really easy to connect with people.
There's a lot of cool stuff you can do with QR Codes now. Most of this stuff is 5-10 years old even, but the pandemic really helped educated people to look for QR Codes. Yay, Covid! =P
I have a qr code on my wall, with the guest wifi password written below the code and an nfc tag sticked on the back. I think so far most people just typed it
Can confirm this method works surprising well in practice! Most people just get it. I used it with great success to connect people to a WLAN while at sea (and without phone reception / internet to allow googling "what is qr").
That said, it is worth including the password below the QR just in case someone's camera is old or playing up (this happened). I also added an NFC sticker for the tech woke.
Now if only Comcast modems could scan these, I could use this to set the WiFi password (/s), since it forgets every time it is reset (…less /s).
… too bad I'm with a different monopoly ISP now. Their Wifi just drops you if you are on the 5 GHz bands and transmit anywhere remotely near full throttle. So you have to stay on the 2.4 GHz and weep.
There is way too much human interest to that article and way too little substance on the problems. Tl;dr - there’s no security risk unique to QR codes are that aren’t simply present on the Internet at-large.
Yes, but there are security risks unique to QR code menus at pizza joints that aren't present on pizza joint menus at large. The status quo for restaurant menus is printed text.
Also, QR codes obfuscate the request that is being sent.
The link to the article wasn't intended to be the be-all reason... just a general "something to think about here".
There is an inherent security risk... it is trivial, as the OPs article suggests, to print out a QR code, cover an existing public one, and send people to a phishing site. Unless people are being very careful about what sites they are on, they could easily be scammed.
I am freaking tired of QR codes. I recently moved to another country (SG) and QR codes are literally used for almost everything now, essentially requiring a phone (and good lighting and a clean camera) to do almost anything. At least once a week I have to idle around waiting for a link to load in order to pay a vendor because scanning a qr-code under a glossy plastic standee is taking too long to read.
I love how developers are all so lovingly inconsistent. On one hand they swear up and down that binary formats are shite and now human-readable formats are the new thing (or at least that was the story a few years back with various markup languages and json) but now, for those stupid fucking idiot users opaque formats that require a functioning camera line of sight clear to a piece of paper are now IN. Minimized urls are too passe, I suppose?
And it's great too, because scammers and hackers are now dropping QR codes on the ground or leaflets, or placing stickers on the QR codes that dot the landscape (like on public info posters or ads put up in HDBs) so poor folks who have learned that the QR code is how you do things now just load up the QR codes without asking. Again, opaque formats are NOT good for many reasons, ease of hacking/social engineering is one reason obvious reason! Of course you can put a sticker on poster on a url but it's easy to recognize the difference between mysite.com/about and something else vs qr code 1 and qr code 2.
Usually, people (who I think pay services like bitly) can use minimized urls with some readable text, not random letters, this is to make the url more readable and visible.
Anyway, for here in Singapore, what I'm talking about generally are government websites, which in SG are plentiful and well used. Things like where to find ART kits or information on GST vouchers or things like that. This is information many people are likely to access via a website, and especially trust given it's a gov website. The government often already have nifty, readable urls already for these links, like gowhere.gov.sg/art and so don't need QR codes.
ALL vendors should be required to have a camera. I have an app that produces a unique QR code for each transaction.
The VENDOR scans MY QR code and REQUESTS for my to PAY them, showing me my receipt for auth on my device.
The only VENDOR QR-read codes should only be for information about the product, menu etc.
-
I used QR codes on product descriptions that led to the product page and lab testing results for said product onto which the physical size of the product was not large enough for pertinent information -- this was for cannabis product company for which I did some contracting labeling...
The upside of this, is that it ran through bitly and I was able to also, included with the QR scan, the geo-loc of the product scan which allowed me to map out the interest of various products based on the scan and location...
QR codes are FANTASTIC, but implemented so poorly...
So, this is something some apps actually do, just noting, where they scan the payer's QR code, not the vendor. Also, not sure why you are being downvoted.
I've done techie things just because they were fun & cool, so this isn't a criticism.
However, having a phone number not your own (or indeed, any number of less than 7 digits) that you can memorize and tell your guests works just as well. Change it as soon as they leave, bada bing, bada boom, done.
Well, firstly you have to have a password of >=8 chars for WPA. Secondly, having such a short non-complex password is going to easily be crackable with a deauth and 3-way handshake capture attack. Would easily crack on a 5 year old laptop in minutes even w/o GPU.
wow, these hackers sure are clever & patient: they're hanging around outside your house, just waiting for you to have a guest, so they can use your limited-BW guest network where you can log everything they do.
OK, go ahead and set up a QR code. Who said you can't?
I've been doing this ever since I discovered my OnePlus 5T years ago generated a QR code to share WiFi details.
It's more of a cool factor with friends but still pretty convenient. Folks in my age group almost intuitively know how to point a camera / get the results.
I used https://wificard.io/ and put the QR in my living room. It also has the option to include text for people who would like to manually connect. My friends love it.
Even more handy when you're using enterprise auth and just add a user for each guest (that's were I'm eventually going, but first the self hosted stuff gets SSO).
A made-up word also works well and even thwarts a dictionary attack (which is a real issue).
Or they could just be trying to connect from a laptop! Or a mobile device that doesn't understand how to parse this sort of WIFI connection code. Is this any sort of standard? Do Kindle devices support it?
Has anyone gotten bluetooth connections via QR code working? I really miss the time when you could listen to a friend's music in the car just by letting them plug into the aux port.
I did a set of 3D printed QR codes with integrated NFC stickers used as drink coasters for a friend and myself. They're pretty neat and always a talking point.
My house is in a mobile phone blackspot - no reception on any network. I tell every guest if they want to receive or make calls they have to join my wifi and enable wifi calling.
Wikipedia has information on this https://en.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%91F...
Section of the Wikipedia article:
Joining a Wi‑Fi network
By specifying the SSID, encryption type, password/passphrase, and if the SSID is hidden or not, mobile device users can quickly scan and join networks without having to manually enter the data. Note that this technique is valid for specifying only static SSID passwords (i.e. PSK); dynamic user credentials (i.e. Enterprise/802.1x) cannot be encoded in this manner.
The format of the encoded string is:
Order of fields does not matter. Special characters """ (quotation mark), ";" (semicolon), "," (comma), ":" (colon) and "\" (backslash) should be escaped with a backslash ("\") as in MECARD encoding. For example, if an SSID were "foo;bar\baz", with quotation marks part of the literal SSID name itself, this would be encoded as: WIFI:S:\"foo\;bar\\baz\";;