I’m sure all of you out there listen all the way to the bitter end of the NosillaCast, just in case there’s something completely different at the end, right? Well, then I’m sure you remember when I did the shoutout asking for Dumb Questions, I mentioned that Lynda Gousha had sent in a bunch of them a while ago and I hadn’t answered her yet. She piled them up and sent them right after Macstock Expo. Let’s work through them now.
QR Codes for WiFi Passwords
In NosillaCast #690, about 1 hour 32 min in, between you and Bart. You & Bart were talking about passwords on sticky notes on routers & such, and you mentioned ‘in passing’ that you use a QR code to let folks visiting you get on your home network. How do you do that? Maybe something on Apple’s password manager that I don’t know about since I use 1Password….. ?????
I didn’t remember that part of the conversation so I went back and listened. Sure enough, Bart said that he does use a QR code to give people his crazy long WiFi password. I haven’t had a chance to ask him how exactly they use it but I did figure out a really cool way to do this.
First of all, let’s make sure everyone knows what we mean by QR codes. QR stands for “Quick Response” and it was a method of creating a two-dimensional barcode for the automotive industry in Japan in 1994. These are the little white square boxes with geometric black lines and squares on them that you can scan with your camera and then interesting things happen. The basic idea is that you can encode information into these 2D barcodes that can be decoded by your phone’s camera.
The cool thing is that the open source community has come up with some de facto standards on how to encode different types of information so that they can be interpreted properly by your phone. For example, a properly encoded URL will prompt your phone to open a web page. You can encode your contact information and if properly encoded, it will prompt the phone to add it to the person’s contacts.
The zxing Project on GitHub is a set of libraries where these encoding schemes are described. The format for encoding a WiFi password is quite simple:
WIFI:T:WPA;S:mynetwork;P:mypass;;
Let’s break it down. WIFI:T:WPA
means WiFi of type WPA as the authentication type. Then S:mynetwork
is the network SSID. Next, P:mypass
is where you enter your password. There are a few more parameters possible, but that’s enough for most of us.
Ok, so now what do we DO with this newly-written text?
Do a simple search for “QR code generator” and you’ll be given tons of sites that will take this text string and turn it into a QR code. One example is the-qrcode-generator.com. If you plop that text string into any of those sites, they will blorp out a QR code for you. Now take a screen snapshot of the QR code and print it out.
With an iPhone, people simply have to point the camera at the QR code and they will be asked if they want to join your network (while showing the real name of your network). Tap ok and they’re in. On some Android phones, they also can simply use the camera, but others will require them to have a QR code scanner application.
There are also sites an easy search away that are designed specifically to create QR codes for WiFi networks without knowing the double-secret formula. I know, I could have told you this up front but what fun would that have been?
I would recommend going directly to the open-source QR code generator by the zxing Project (the project that created the standards). You can find their QR Code generator at zxing.appspot.com.
This site has a nice little pulldown to select what kind of QR code you want, what kind of password protection you have and everything else I described, plus you can choose how big to make the barcode. I like doing it here because it gives you a download link to the QR code and a URL embed link (if you don’t want to host it yourself). It also shows you the code that we talked about earlier.
Now you may feel weird putting the SSID and password of your network into an online service. I would suggest that the danger is incredibly low that anyone could do anything nefarious with this. We know we’re being digitally tracked around the Internets, and digitally fingerprinted, so someone with evil intent could figure out who you are and where you live. But they would also have to fly/drive/walk to your house and stand outside your house to get onto your network! That on top of trolling all of the QR code generation sites to try to find people putting in their WiFi credentials. Seems really low risk to me.
But if it does give you pause, you might want to use a stand-alone app for this instead. The Mac App Store has a lot of them, but oddly they’re not free – most have no ratings at all and those that have ratings have 2 stars. In the iOS App Store, there are plenty of good ones. I have one called Qrafter that’s free with a $3 in-app purchase that I think gets rid of ads.
Qrafter lets you generate many types of QR codes, including WiFi network logins. You simply enter the SSID and password and it creates the QR code for you. Qrafter also does URLs, location, contact cards, and events. It will even generate codes that will make a phone call, send a text message, send an email, or send a tweet. I have no idea the use-case for that last set though! It will generate a QR code for an iTunes App URL, which could be way cool if you’re an app developer and want one on your card.
I tried creating a QR code with Qrafter with my WiFi turned off on my iPad and it still worked, so at least for the generation of the code, they’re not chatting with the Internet. I can’t promise they’re not passing it along but again I think that’s really low risk. After I posted this article, @oetgrunnen and I were chatting about it on Twitter and the developer of Qrafter, Kerem Erkan responded to my tweet and said,
Qrafter does all creation locally and does not transmit any of the information anywhere. On iOS 10 and earlier we needed a generated profile to connect to scanned WiFi hotspots, so it was generated for one time reading on Qrafter servers, with iOS 11 that’s no longer needed.
How cool is that?
Easier Way to Share WiFi Password
With an iPhone, this whole QR code generation is a lot of folderol now that we have the built-in way of sharing. If you come to my house and want on my WiFi with your iOS device, as soon as you get challenged for the password, all of my devices will ask if I want to share the password with you. I only have to tap to share and you never even see the code. It doesn’t seem to offer to share the password 100% of the time, so maybe making a QR code is easier in the long run.
If you’ve got Android friends (no judging here), having a QR code for your WiFi password does make sense, especially if it’s as long and complicated as it should be. I tested with my Nexus 5X just to see if the Apple devices would offer it the password and they did not. The camera on the 5X also didn’t know anything about QR codes, so I had to download a QR code reader from the Google Play Store.
In a few seconds I found a 4.5-star app with plenty of downloads. I installed the app, scanned my barcode and I was able to join the WiFi network. Even with this extra step for Android to install a QR code reader app, it took far less time that it would take to type in my long, complex WiFi password!
I learned a lot about this technology in order to answer Lynda’s question and I had a lot of fun doing it. I plan on QR coding everything. Maybe my next batch of business cards will just be piles of QR codes. One for each podcast URL in iTunes, one for the website, one for my contact info…
After I wrote up this article and posted it on Twitter, @mattcassinelli replied with an even more interesting way to create QR codes. He suggested using or creating a Workflow on iOS to do it. You know I’ve been looking for a reason to like Workflow, and he may just have found it. He sent me two Workflows.
One makes any URL into a QR Code workflow.is/…: And the second one makes a WiFi login code: workflow.is/….
I took a quick look at these and without memorizing what they did, I tried creating my own in Workflow and I did it! My solution isn’t nearly as elegant as the ones that Matt sent over, but they meet my purposes. The one for a WiFi password that he sent asks all the right questions, like whether there IS a password, and which encryption it’s using. I will be making them for myself so I know they will have a password and will all be WPA2 encryption. Workflow does have a QR code generator as a built-in action, but it took me a bit to understand the interface of Workflow enough to find it.
The fun thing about the way to make the Workflow yourself, is that the code that I explained at the very beginning of this article is exactly what you use to take the input from the user and then generate the QR code. Since I wrote it myself, and I tested it in airplane mode and it still works, I know for certain that it’s not phoning home.
A trick I learned from Leo Laporte. Setting up two factor authentication can be a pain. I’m using Google’s Authenticator. Doing a screen capture of the QR Code an application (e.g., Gmail) issues for two-factor enables setting up other devices by simply pointing the device’s camera at the stored QR Code. Of course, the QR Code is stored in an encrypted folder . . .
Oh, and “internet personality” Patrick Norton of TekThing lost his phone at an airport. Had to go buy a new one. He couldn’t get into his GMail accounts because he was away from home, setting up a new phone, and out of luck. He recommends carrying around one of the backup codes Google and most other services issue. The code won’t mean anything if someone finds it on a sticky in your wallet –
Back to QR Codes. Heard recently on a podcast that in the “Far East” QR codes are used for payment systems, and work better and faster than the alternatives used here by Google, Apple, Samsung, et al. No experience just passing that along.
Finally, QR Codes. They can be and have been used for evil, too. Scanning a QR Code from an unknown source is as potentially dangerous as clicking on a phishing email. That Subaru brochure that came in the mail with a QR Code? Straight to recycle. Those posters around town with QR Codes that should link to more info about an event publicized on the poster? Don’t do it.