Strange Encoding Errors in TOTP QR Codes


A QR code.

Not really a security issue, but one which I thought was worth highlighting. It shows the peril of slightly vague specifications. When you scan a 2FA token into your authenticator app via QR code, you get presented with a bunch of information about your account. This lets you store things like the issuer and the…

Continue reading →

Why is there no formal specification for otpauth URls?


A QR code.

Yes yes, Cunningham's law etc etc! I want to play around with 2FA codes. So, I started looking for the specification. Turns out, there isn't one. Not really. IANA has a provisional registration - but no spec. It links to an archived Google Wiki which, as we'll come on to, isn't sufficient. There's some documentation…

Continue reading →

I was told that QR codes would never succeed because no one could make money from them

  • By @edent on
  • 6 comments
  • 550 words
  • Read ~371 times.

I can't think of anyone who has had a better year than the QR code. What a comeback. — Grace Mulvey (@GraceMulvey1) December 17, 2021 Search back through this blog and you'll find dozens of posts about QR codes. Back in the day, I was a freelance "Mobile Internet" consultant. I'd rock up to companies…

Continue reading →

A QR code built from Emoji


A QR built from emoji squares.

It's possible to encode QR images as text. In this case, Emoji!

Continue reading →

Donating via SMS - using QR Codes


One of the greatest cultural achievements of the last Labour Government was making museum entry free for everyone. Whether you're rich, poor, British, foreign, young, old - you can enjoy the treasures of our museums and galleries. Of course, while museums are funded by the state, they still rely on generating some external revenue -…

Continue reading →

ASCII Art in QR Codes

  • By @edent on
  • 100 words
  • Read ~1,623 times.

There are plenty of QR generators which will render the code in ASCII, but I wanted to try something a little different. Is it possible to hide ASCII Art into QR Codes? Errr.... yes... It's pretty damn simple! I was surprised I couldn't find anyone else doing this. (_/) (='.'=) (")_(") Becomes: Which, when scanned,…

Continue reading →

QR Codes on Energy Bills


This is a necropost - resurrected from the now defunct blog of a previous employer. Sadly, the follow-up post has fallen down the memory hole. You can still read Sharon's response to it. Well, we can finally unwrap one of the little projects The Lab has been working on. Along with the Department of Energy…

Continue reading →

QR Codes in the Hardware Store

  • By @edent on
  • 1 comment
  • 250 words
  • Read ~189 times.

I'm a big fan of QR codes. A few years ago, I did some work for a major UK retailer who wanted to put QR codes on some of their DIY products. Rather than ship expensive instructions with each item, there would be a QR code on the packaging which linked directly to a video…

Continue reading →

The End of MS Tag


Three years ago, I wrote about the deficiencies in Microsoft's Tag system. It was painfully obvious even then that MS had no desire to back the "standard" they'd tried to create. They couldn't even be bothered to leverage the then-new Windows Phone to get the reader into customers' hands. Their terms and conditions at the…

Continue reading →

A QR Specification For Mobile Payments


BitCoin and other crypto-currencies are gaining popularity at the moment - but I remain firmly convinced that they're too hard for the average person to use. I have, however, watched with interest as an ecosystem grows around them. In particular, I like the way The Pirate Bay (and others) have used QR codes to facilitate…

Continue reading →