WiFi QR Format

WiFi QR Code
Decoder & Reader

Instantly extract WiFi network name, password, and security type from any WiFi QR code. Upload an image or scan with camera. Always private.

Upload WiFi QR code

Drop your WiFi QR image here or click to browse

PNGJPGWEBP

Camera is off

Click Start Camera below

WiFi Credentials

          

        

      

    

  


  

    

      

        
Understanding WiFi QR Codes

        
WiFi QR codes encode network credentials using the WIFI: URI scheme, a standard format recognized by Android 10+, iOS 11+, and most modern QR scanning applications. When decoded, the format looks like:

        
WIFI:T:WPA2;S:MyNetwork;P:MyPassword;H:false;;

        
Where T is the security type (WPA, WPA2, WEP, or nopass), S is the SSID (network name), P is the password, and H indicates whether the network is hidden.

        
Security Types Supported

        
    
          
  • WPA/WPA2 — Most common; uses a pre-shared key (password)
    • 
          
  • WEP — Older, deprecated standard; considered insecure
    • 
          
  • nopass — Open network with no password required
    • 
          
  • WPA3 — Newer standard; encoded similarly to WPA2
    • 
        

        
Use Cases

        
    
          
  • Restaurants and cafés displaying guest WiFi on menus or signs
    • 
          
  • Hotels providing room WiFi via printed QR codes
    • 
          
  • Offices with visitor network QR codes at reception
    • 
          
  • Recovering your own WiFi password from a generated QR code
    • 
          
  • Sharing WiFi credentials with guests without saying the password aloud
    • 
        

      

      

        
WiFi QR Code Security Risks

        
WiFi QR codes present unique security considerations that users should be aware of. Because the password is encoded directly in the QR pattern, anyone who can photograph or copy the QR code has immediate access to the password — there is no additional authentication step.

        
Risks to Be Aware Of

        
    
          
  • Physical access: Posted QR codes in public-facing locations can be photographed and the password extracted by anyone, not just legitimate guests
    • 
          
  • QR substitution attacks: Malicious stickers can be placed over legitimate QR codes in hotels or cafés, redirecting to a different network designed to intercept traffic
    • 
          
  • Permanent credentials: If a WiFi QR code is generated with a permanent password, the network remains exposed until the password is changed and a new QR code generated
    • 
        

        
Best Practices

        
    
          
  • Use a separate guest network for QR-shared credentials — never share your primary network password via QR
    • 
          
  • Rotate guest WiFi passwords and QR codes regularly (monthly for public venues)
    • 
          
  • Inspect QR codes in public places for signs of tampering or overlaid stickers
    • 
          
  • Use our decoder to verify that a WiFi QR code contains the correct credentials before distributing it
    • 
        

      

    

  


  

    

      

        
The Anatomy of a WiFi QR String

        
Decoding a WiFi QR reveals a single-line string packed with information. Each field is separated by a semicolon. Reading it left to right, here is what each segment means in practice.

        
    
          
  • T: followed by the security type. Common values are WPA (covers WPA, WPA2, and WPA3), WEP (legacy), and nopass (open network). If this field is missing or empty, most scanners assume WPA.
    • 
          
  • S: the SSID. This is the network name you see in your WiFi list. If it contains special characters like semicolons, commas, or backslashes, they are escaped with a backslash in the encoded string.
    • 
          
  • P: the password. Left blank for open networks. Special characters are escaped the same way as the SSID.
    • 
          
  • H: set to "true" if the network is hidden (does not broadcast its SSID). Defaults to false if omitted.
    • 
          
  • E: optional EAP method for enterprise networks. Rarely seen outside corporate environments.
    • 
        

        
A well-formed WiFi QR string ends with two semicolons. A single terminating semicolon is technically valid but some older Android parsers reject it, which is worth knowing if you are generating these codes yourself.

      


      

        
Does Your Phone Actually Join the Network Automatically?

        
Support for one-tap WiFi joining depends on the operating system and the app doing the scanning. There is no universal standard, which is why some setups work instantly and others leave you copying and pasting.

        
    
          
  • iOS 11 and newer: The built-in Camera app recognizes the WIFI: format and shows a "Join network" banner. Tap it and you are connected.
    • 
          
  • Android 10 and newer: Most native camera apps support the same flow. Some manufacturer skins add a confirmation dialog.
    • 
          
  • Browser-based scanners (including ours): Web browsers do not have permission to modify WiFi settings. We display the credentials for you to copy, but the join has to happen manually in your device's WiFi settings.
    • 
          
  • Older devices or third-party camera apps: Often show the raw WIFI: string without parsing it. You still have the info, just not the one-tap action.
    • 
        

        
When we decode a WiFi QR, we give you the SSID and password as separate, copyable fields precisely so this last step takes two seconds rather than requiring you to puzzle out the raw string.

      

    

  


  

    

      

        
Hosting a Guest Network With QR Codes the Right Way

        
If you are printing WiFi QR codes for a café, a co-working space, or an Airbnb, four decisions determine whether the setup stays secure long-term or leaks guests' traffic onto your main network.

        
    
          
  1. Separate SSID for guests. Never share your primary network's QR. Your router likely supports a guest SSID. Use it.
    2. 
          
  2. Isolate clients on the guest network. Most routers have a "client isolation" or "AP isolation" toggle. This prevents connected guests from seeing each other's devices, which is the baseline requirement for a public WiFi offering.
    3. 
          
  3. Rotate the password on a schedule. Monthly is a reasonable cadence for low-risk venues. Reprint the QR code after each rotation.
    4. 
          
  4. Limit bandwidth per client. Router-level QoS keeps one streaming guest from drowning everyone else. Not strictly a security measure but one that keeps the network usable.
    5. 
        

        
For households, the same principles apply on a smaller scale. Share a guest QR with visitors rather than your primary password. The mild inconvenience pays off the first time a guest's phone turns out to be compromised.

      


      

        
Sticker-Swap and Other Physical Attacks on WiFi QR Codes

        
A printed WiFi QR code posted at the entrance of a café is an asset. It is also an attack surface. The most common real-world threat is the sticker-swap: an attacker prints their own malicious WiFi QR, laminates it, and pastes it over the legitimate one. Customers scan it, join a rogue access point with the same SSID as the real café, and route all their traffic through the attacker's device.

        
Counters to this attack are mostly physical. Laminate the legitimate QR code behind glass or acrylic so a sticker cannot be applied. Inspect posted QR codes at the start of each shift. Use a distinctive background pattern or logo printed behind the code so swaps are visible at a glance.

        
If you suspect a QR code on a public surface has been tampered with, decode it with our tool first rather than letting your phone auto-join. The SSID in a swapped QR often matches the real network name but the security type or password will differ. Our decoder reveals all of it in plain text before anything connects.

      

    

  


  

    
FAQ
WiFi QR Decoder FAQ

    

      
Can I see the WiFi password from a QR code?
Yes. WiFi QR codes store the password in plain text in the WIFI: format. Our decoder will display the full SSID, password, and security type when you decode a WiFi QR code.

      
Why does decoding show "WIFI:T:WPA2;S:..." instead of the password?
Our decoder automatically parses this format and displays it in a human-readable layout with labeled fields. The raw WIFI: string is also available if you need to copy it as-is.

      
Is the decoded WiFi password saved anywhere?
No. All decoding is done in your browser. Nothing is uploaded to any server. The decoded credentials exist only in your browser's memory for the current session.

      
Can I automatically connect to WiFi using this decoder?
Web browsers do not have permission to directly modify WiFi settings for security reasons. You need to copy the credentials and enter them manually in your device's WiFi settings, or scan the QR code directly with your device's camera app.

      
Does the format support WPA3?
Yes. WPA3 networks are encoded identically to WPA2 in the WIFI: format. The security type field simply reads WPA, and the connecting device negotiates the strongest mutual protocol. If both router and client support WPA3, that is what gets used.

      
How do I recover my own WiFi password if I only have the QR code?
Upload a photo or screenshot of the QR code into our decoder. The password appears in the result. This is especially useful when your router came with a preprinted QR label but the accompanying text has worn off or the manual has been lost.

      
Why does my password have backslashes when decoded?
The WIFI: format escapes special characters like semicolons, commas, backslashes, and quotes with a leading backslash. Our decoder automatically unescapes these. If you see raw backslashes in the result, try the Copy Password button which extracts the clean, usable password.

    

  


  

    

      

        More Tools
        
Decode Other QR Types

      

      

        
🖼️
From Image

        
📷
Camera Scan

        
👤
vCard Contact

        
✉️
Email QR

        
🌐
URL / Website