Back on the password wagon again. Having the password there in plain sight, is kinda annoying to say the least. Sure the user login ID wasn’t printed (that would have been something right?) still it’s just there in plain sight!!!

In this day and era with all the smartphones around, do we really need to print passwords and hand them out? Then it hit me… “Hey what about QR Codes?” QR (Quick Response) Codes are those squares that have been popping up all over the place, I’m sure you’ve seen them around… Go on… give it a try… You know you wanna… 😉


Here’s the idea, instead of printing passwords why not use QR code to keep the password from plain view?

“Well that’s all good and well Urv, but anyone with a QR code scanner could still read it…”

True true… Hmmm… Say… wouldn’t it be great if you could somehow encrypt the QR Code in such a way that only the specified smartphone could read it? Go on… I’m listening…

Now QR Codes are public by nature. Still I could imagine there would be times that you only want to give access to few. Imagine having a QR Code in plain view that only you could decrypt!

So I googled ‘encrypted QR Code’ and sure enough a hit! So encrypted QR Code exist? Why isn’t this mainstream???

“Say Urv what does any of this have to do with PowerShell or Passwords?”

I’m getting there… Now ideally I’d like to have the possibility to encrypt / decrypt anything specifically for a smart device. Turns out most apps aren’t that sophisticated… yet or maybe at a price… Somebody makes this happen!

I’ve found some cool QR Code stuff at Password QR Code encryption is only for subscribers, but hey it is a possibility!!!

Ok now for the PowerShell part.

Here’s the idea, Now I’ve talked about generating random complex passwords. I can also Validate the credentials. Now all I need is some logistics in place to get the password to the user, ideally encrypted, at the very least obfuscated.

Ok back to the smartphone. What if I generated a random four digit code used to generate a four digit decrypting code from the user’s mobile nr? The logic? The random code is the position of the decrypted code from the mobile nr.

Something like this:

Decode rule

Say the random nr is 6132. The user’s mobile nr is (keep in mind that here in the Netherlands all nr’s start with 06 and are 10 digit in total) 0612345678. The code to decrypt the message would be 5621.

Full disclosure: Why start counting at zero? Just happens I got lucky with the fact that mobile nr start with zero here. The random code is four digits derived from a subset ranging from 1..9. It fits nicely so I’m sticking with it! If anybody asks it was by design.. 😉

So I’d give the user a QR Code with the random code. The user knows his mobile nr. All the user has to do now is decrypt using our “secret rule”. Kinda reminds me of the secret decoder ring toy… Never loose your inner child 🙂

So here’s the PowerShell code

$csvUserInfo = @'
'@ | ConvertFrom-Csv -Delimiter ','

$arrUserCodes = @()

$hshASCIIINTValue = @{
    49 = 1
    50 = 2
    51 = 3
    52 = 4
    53 = 5
    54 = 6
    55 = 7
    56 = 8
    57 = 9

Function random-passcode {
        $length = 4
    $digits = 49..57

    $passcode = get-random -count ($length) `
        -input ($digits) |
        % -begin { $aa = $null } `
        -process {$aa += [char]$_} `
        -end {$aa}

    return $passcode

$hshUserCode = @{
    SamAccountName = ''
    MobileNr = ''
    PassCode = ''
    DecryptCode = ''
    Shortlink= 'http://<link to QR code>'

foreach ($user in $csvUserInfo) {
    $hshUserCode.SamAccountName = $user.samACCountName
    $hshUserCode.MobileNr = $($user.MobileNr).ToString()
    $hshUserCode.PassCode = random-passcode
    $DecryptCode = ''

    #Convert Passcode to charArray get the INT value for the hashtable and get the index on MobileNr
    foreach($char in $hshUserCode.PassCode.ToString().ToCharArray()) {
        $index = [INT]$char
        $DecryptCode += $($hshUserCode.MobileNr[$hshASCIIINTValue[$index]]).ToString()

    $hshUserCode.DecryptCode = $DecryptCode
    $arrUserCodes += New-Object PSObject -Property $hshUserCode

$arrUserCodes | select SamAccountName,MobileNr, PassCode, DecryptCode,ShortLink |  Out-GridView -Title "QR code encryption - $(Get-Date)"

Now you can give the user the four digit random code and a shortlink to the QR Code. Use the DecryptCode to encrypt the QR Code. Only someone with knowledge of the ‘secret rule’ AND the mobile nr will be able to decrypt the QR Code.

At first I thought shortlinks were the way to go just incase the user doesn’t have a smartphone with barcode scanner… Or just do both.

  • http://”ShortLink to QR Code”
  • “Image of Encrypted QR Code”
  • Four digit code to decrypt QR Code

No barcode scanner? Use the shortlink, otherwise just scan and decrypt. Just remember encrypted QR codes aren’t mainstream yet (But it is possible at a price), so maybe just having a QR Code instead of plain text in sight is a better option for now.

Ok that’s it for now… Hope this inspires you to think about some more uses for QR Codes…




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s