How not to do this.
While an online service such as https://webqr.com/ or https://www.qrstuff.com/scan are fine for normal QR codes they should never be used for TOTP QR Codes.
What inside the QR CODE
A TOTP QR code contains the following details (all values are placeholders).
Hex secret: 3132333435363738393031323334353637383930 Base32 secret: GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ Digits: 8 Window size: 0 TOTP mode: SHA1 Step size (seconds): 30 Start time: 1970-01-01 00:00:00 UTC (0) Time now: 2033-05-18 03:33:20 UTC (2000000000) Counter: 0x3F940AA (66666666)
For more information visit oathtool
Decode QR code locally
Install
Mac
install zbar
Windows(WSL), Linux
apt-get install zbarimg
Example
/mnt/c/Users/rough$ zbarimg /mnt/c/tmp/a.png
otpauth://totp/hub.docker.com:{username}?algorithm=SHA1&digits=6&issuer=hub.docker.com&period=30&secret={Key}
You can now store the OTPAUTH URI in your favorite password manager or add the {Key} so that your password manager can generate the TOPT code.
Top comments (1)
How about the following online QR code scanner
dnschecker.org/qr-code-scanner.php
What your reviews about that? Should it help it out in case of TOTP QR Codes?