wifi codes

QR code for WiFi: share your network without typing the password

Make a QR code that joins your WiFi automatically. The exact WIFI: payload format, how to escape special characters, and the one security catch.

A WiFi QR code holds your network name and password as a single piece of text. Point a phone camera at it, tap the prompt, and it joins — no typing. dottr can make one for you: you just need to format the text correctly first.

The format

A WiFi QR code isn’t a link and doesn’t open a page. It’s a structured instruction your phone reads locally and acts on. The de facto standard looks like this:

WIFI:T:WPA;S:MyNetwork;P:MyPassword;;

The fields:

• T — security type. Use WPA (this covers WPA, WPA2 and WPA3), WEP for old kit, or nopass for an open network.
• S — the SSID, i.e. your network name. Required.
• P — the password. Omit it entirely for an open network.
• H:true — add this only if your SSID is hidden.

Two things are non-negotiable: the prefix WIFI: must be uppercase, and the string must end with a double semicolon ;;. Drop the ;; and many phones prompt for a password instead of just joining. Field order doesn’t matter, but those two bits do.

Special characters need escaping

If your network name or password contains a backslash \, semicolon ;, comma ,, double-quote " or colon :, each one must be escaped with a backslash. Escape any backslashes first, so you don’t double-escape your own escapes.

So a password of pa;ss\word becomes pa\;ss\\word inside the string. Miss this and the code scans fine but hands the phone the wrong password.

WPA3, honestly

This is where a lot of generators get it wrong, so it’s worth being precise. The Wi-Fi Alliance’s WPA3 specification says that when the T: field is present, its value should still be WPA — there is no separate WPA3 value in the spec. So T:WPA is the correct, most compatible choice for WPA3 networks too, including WPA2/WPA3 “transition mode” routers.

You’ll see some tools (Android, GNOME and KDE among them) emit T:SAE instead. That value isn’t in the spec, and it isn’t reliably understood across scanners — iPhones in particular may fail to act on it. So T:SAE is the riskier token, not the safer one. Stick with T:WPA unless you’ve tested that a specific SAE code actually joins on the phones you care about.

Making it in dottr

Build your string, then paste it straight into dottr and download the PNG or SVG. That’s it — nothing leaves your browser. Keep the colours high-contrast and leave the quiet zone (the white margin) intact so it scans first time; our what makes a good QR code guide covers the rest.

On the scanning side, modern phones handle this natively. iPhones have read WiFi codes in the Camera app since iOS 11; Android since version 10. A code works across both — same standard.

The one real catch

The password is stored as plaintext inside the squares. The image is just visually-encoded text, so anyone who scans or photographs your printed code can read the password back out. That’s no more secure than writing it on a sign — and no less.

So treat it accordingly:

• Use it for a guest network, not your main one.
• Treat the printout like the written password. If it leaks, change the password and reprint.
• Keep guest traffic isolated from anything sensitive.

And note: unlike a URL code, a WiFi code can’t be made dynamic or pointed at a short link you can re-aim later. The credentials are baked into the squares, so changing your password means generating a fresh code. (More on that in static vs dynamic.)

Make yours at dottr — it’s free and runs in your browser.