QR code for wifi keys

[erikvanoosten]

Summary

Wifi passwords can be shown as a QR code by KeepassXC. These QRs are readable by Android and Ios devices. This allows for easy entry of very long wifi passwords.

Desired Behavior

The context menu for a Wifi entry should get an additional item: 'QR code'. Upon activation the QR code should be displayed.

Context

Wifi codes should be long and random to protect against brute force attacks. Sharing 63 random character wifi codes can be quite difficult; the device to connect might not have networking yet.

QR codes are an easy and well supported (ios and android) way to share such codes.

This issue was inspired by https://feeding.cloud.geek.nz/posts/encoding-wifi-access-point-passwords-qr-code/

Note: this issue is different from #96; reading the QR codes is well supported so this is a full end-to-end solution.

[droidmonkey]

This is a duplicate of #675

[rocketraman]

This is a duplicate of #675

@droidmonkey A wifi QR is a bit of a different case than #675 which was a general "show any password as a QR" feature request. The main objection to #675 was that QR code scanners can leak password data for non-technical / non-careful users, thus that feature exposes users to risk. Not certain I agree that should imply technical / careful users shouldn't be able to enable that feature, but in any case the wifi use case is a bit different because it is not usually a general QR scanning app that is scanning the wifi password, but rather the wifi network entry screens of the OS itself. And we should be able to trust the OS to not leak this data when it scans it (and if we can't trust the OS, we're sunk anyway because we have to enter the plain-text password in any case).

I'll also add that wifi passwords, if they can't be entered via QR code or a WPS mechanism have to be typed in manually. Thus limiting how strong they can be. Therefore, this feature could actually enhance security significantly for Wifi passwords.

All that being said, the workaround for now for future Googlers that end up here is to use qrencode or similar tool to generate the WIFI QR code manually. For example to display directly on a UTF-8 capable terminal (escaping any : in the password with a \):

qrencode -t UTF8 "WIFI:T:WPA;S:<SSID>;P:<PASSWORD>;;"

Or use one of several sites online (if you trust them) to generate it for you.

[droidmonkey]

I agree this is a special case of the general "data via qr code", but also a very specific use case as well. I am not convinced the user population for such a feature is large enough to justify this occupying a position of the context or entry edit screen. The better solution, imo, is to sync your database with your mobile and use a mobile app to access the wifi password directly as an entry. To be more explicit, I see this as a better feature for the operating system itself.

[rocketraman]

Fair, but I'll just note one thing: this is not possible in two use cases related to wifi:

1. Setting up a new phone or device -- can't sync the password database or even install the password app until the wifi is setup.

2. Sharing a wifi guest password with other people.

Those two uses cases cover 95% of the time I need a wifi password -- for devices that are normally connected the wifi password is already saved in the OS, so no password manager is necessary.

[rocketraman]

That being said, most modern phones do have a "Share wifi" option to generate a wifi QR code, which is what I think you were referring to by "I see this as a better feature for the operating system itself". That is definitely a compelling argument that KeePassXC does not need the feature as well.

[droidmonkey]

Yes exactly, I used that feature in android the other day and it worked great. IMO should be a feature in Windows, Mac, and Linux as well.

[dracorp]

In our company the password for Guest wifi is share via password manager pro. This tool does not have qr code generator but me and others keep it in keepassxc.