Android and iOS have since some time supported sharing wifi credentials via a qr code that other users can then scan with their camera app and join the network hassle free.

You might have also seen them printed at hotels, bars and various venues and thought you want that too.

That is very handy and a lot of online services offer to generate the QR codes with your credentials for you. You might think that they don't know where you are or think of any other reason that it is wrong to give out your local credentals like that. (Let's just assume from now on that it is in fact your home WIFI this relates to and NOT some network that you should not be sharing to start with)

So what if that service you just used that promised to not store your credentials just saved them to seed a rainbow table that they sell on another site as part of another service to break into WIFI networks? Then suddenly one of those users may very well be interested in your network in particular. The odds might be low but is it worth it?

I am not about to give my credentials away for free to the world just because I need a house sitter for the weekend!


Being a little more security minded and generating your own QR code is very simple.

  • On linux/BSD/OSX install a package such as qrencode
  • Add credentials to a file like this WIFI:T:WPA;S:your wifi SSID here;P:such leet P455w0rd;;
  • run qrencode -r mock.txt -o mock.png -s 5 YMMV but this is the general idea.

Read more about the file format here and more about qrencode here(seems to be an old release that does not support the -r flag for reading input from file.. consult your installed versions man page!).

You might consider rolling a local docker image or simply hosting a local web server if you want something more fancy or just a digital version that can update more frequently.

Unsure what a QR code is but too afraid to ask a colleague or your parents? Have a look at the Wikipedia page on it.

Previous Post Next Post