QR codes have been referred to as “robot barf.” Which is too bad, because they’re pretty fascinating if you take a closer look.

In this post, you’ll learn about:

History and inner workings of QR codes

Use cases and risks

How to generate QR codes in your application

How QR codes are used for two-factor authentication

QR codes 101

QR code is an abbreviation for Quick Response code. They’re a type of two-dimensional, or “matrix” barcode which means that information is stored across both the horizontal and vertical axes.

QR codes were invented in Japan during 1994. They were originally used for tracking automobile parts. QR codes could store more data than UPC barcodes (the kind you commonly see on grocery store products and such), so they started to catch on in other industries as well. Denso Wave, the company that invented QR codes, made the spec publically available to further increase their use.

How do QR codes actually work?

To decode a QR code image, first the scanning software locates the three distinct squares at the corners of the image.

There is a smaller square near the fourth corner which normalizes the image for angle, size, and orientation.

Then the tiny dots throughout the image are converted to binary numbers, or characters, depending on the specified encoding.

You can store up to a maximum of 3kb of data in a QR code, although less if you crank up the error checking precision level. Error checking is done via Reed-Solomon code scanning, so that the QR code can still be read if some information is degraded. Reed-Solomon code scanning is incredibly useful. It also corrects errors on CDs, and even the images sent on the Voyager space probe.

Use cases for QR codes

There are loads of use cases for QR codes:

adding contact info to a mobile device

contactless payment

opening a URL

scanning secrets to generate time-based one-time passwords

alternate reality gaming

connecting to a wireless network without having to type in a password

people are even putting them on graves

Risks of QR codes

QR codes are handy, but like any useful tool they’re not without risks. Since people can’t tell what a QR code contains with their eyeballs alone, it’s easy to send users to malicious URLs. A security researcher even created a QR code in 2012 that wiped all data on a Samsung phone. Yikes! As always, security research doesn’t perfectly represent real-life risks. Most QR scanner apps now offer users a preview of the URL and allow them the option to click through. Nevertheless, some caution is warranted when scanning random QR codes you find in the wild.

Generating QR codes in your Node.js application

QR encoding is complicated. Unless you are some sort of signal processing whiz, I would not recommend creating your own QR code generator from scratch.

"QR Codeword Ordering" by bobmath is licensed under CC0

Good news: if you’re using a common programming language, there’s probably already a library for that.

For example, in Node.js, node-qrcode is a great util.

Assuming you’ve got a JavaScript dev environment set up, run npm install qrcode from the command line to install the library locally.

From there, you can generate an image file with the following code snippet: