QR Code Generator
ISO/IEC 18004 · byte mode · v1–40 · in-browser
otpauth:// URIs so you can scan
a 2FA secret straight into your phone’s authenticator without copying
secrets through a hosted service.
Picking an error correction level
QR codes embed Reed–Solomon parity bytes so a partially obscured code can still be decoded. Higher correction levels survive more damage but produce denser modules:
- L (Low, ~7%) — smallest output, fine for screen display where the whole code is always visible.
- M (Medium, ~15%) — good default for printed labels and 2FA URIs.
- Q (Quartile, ~25%) — survives smudges, wrinkles, partial coverings.
- H (High, ~30%) — what you want if a logo will be overlaid on the centre, or if the print may be damaged.
otpauth:// for 2FA setup
The most common practical use here is taking an
otpauth://totp/... URI, generating its QR code, and scanning
it from your phone’s authenticator app to import the 2FA secret. Use
the TOTP page’s Show as QR shortcut
to land here pre-populated, or paste an otpauth:// URI
directly.
How the encoder works
The full ISO/IEC 18004 pipeline runs in your browser: text is UTF-8 encoded into byte mode, padded with the standard 0xEC / 0x11 fill, split into Reed–Solomon error-correction blocks, interleaved into a final bit stream, written into the matrix with format and version information, then masked with whichever of the eight masks scores best against the standard penalty rules. The output is a self-contained SVG path — one rect per dark module — wrapped in a viewBox so it scales cleanly.
Privacy
The QR generator never makes a network request. There is no remote SVG or PNG renderer, no shared canvas, no shortener service. The text you type is encoded by a JavaScript implementation that ships with the page itself, and the generated SVG / PNG is produced and downloaded entirely on your device. If you need to confirm: the page is plain HTML and view source will show you exactly what runs.