How can I request a short "password" at the beginning of my form to identify the person filling out the form with more certainty?

How can I create a password on the xlsform that ODK collect app users should enter when they start entering the data?

Hi Tedy,

Welcome to the ODK Community, please introduce yourself at when you get a chance.

The QR Code is the password, anyone with the QR Code will be able to view the form and submit the data.

Hope that answers your question.



@Tewodrosw It sounds like you may want your data collectors to enter another password than the one that is in the QR code, that as @Sadiq_Khoja notes, authenticates the device to the server. Is that right? If so, can you tell me more why you have this need?

Thanks @Sadiq_Khoja,

Yes that may be enough and agreed!

But I saw some codes in using "calculate" and "pulldata" in linking the xlsform with csv file. And I want to apply that for my cases having list of enumerators with specific password as a csv file and before data entry each numerator to be asked that password to go ahead.


@Tewodrosw something like this?

create workers.csv with the 3 columns

name	label	pwd
worker01	Ken	741
worker02	Sue	952
worker03	Stan	589
worker04	Jane	753
worker05	Bob	159

testpwd.xlsx (20.8 KB)


Saving passwords in plain CSV is highly insecure. Anyone with the QR Code will be able to access it, so I would strongly advice not to use that approach.

1 Like

But what other options are there?
There is another post asking something similar:

So it seem people want to use some simple way to have a password. As you can see in my reply in that other question, it is not foolproof but at least you can try and mitigate some of the problems by checking the deviceid too.

In a specific use case I had, they wanted the password and this worked great as the data gathered was not personal or sensible information.

Best thing to do is to create QR Code for each user and tell each user to keep it secret. That's the most secure way. Again, "QR Code is the password". Also ensure that your devices are secure, please consider this document as a reference.

Having said that I would like to know more about the purpose of having password in the Form. What are you trying to achieve?

If the need is to have just extra certainty that the person filling out the Form is who they say they are then the method you describe is fine.

Depending on the trust level and technical know-how of your data collectors, you can decide how much do you want to do, here are some of the options from simplest to the complex, again don't use any of these if the security is the purpose:

  • Ask data collector to enter their full name twice
  • Have a static pin in the form definition
  • Have the list of users and their pin in a separate CSV file - Nelson's solution
  • Hash the pin in CSV file and use digest function to compare the pin in the Form.

Yes, in my case that was what they needed.

1 Like

I also believe that adding a password before filling out a data form could be beneficial.

From my experience, when data collectors operate in areas with poor or no internet connectivity, they typically scan QR codes on tablets to begin collecting data before, in an area with strong internet connection. However, once the QR code is scanned, anyone with tablet's password can input data. Often, these passwords are simple and easy to remember.

So, my proposal is to assign each data collector their own unique password, which would be linked with the QR code.. They'd need to enter this password before they can access the form. This adds an extra layer of security, making sure only authorized people can enter data.

Unless there's an alternative to prevent forms from remaining open after a QR code is scanned.

Another concern is that it's very easy to share these QR codes. Anyone (unauthorized) with the ODK Collect app can simply scan the QR code and submit the data.

Is this referencing the tablet's PIN? It's true that you need to be thoughtful about setting your PINs and in particular you should take care to make sure that combinations that make shapes, that repeat numbers or that are common like 12345 are avoided. Ideally you can also configure longer PINs.

That said, modern Android devices have various features like locking after failed attempts that can make even short PINs relatively secure.

How do you imagine you would distribute this password? In an ideal world, what would happen if the user forgot it?

How are you distributing them and how is that different from how you would distribute passwords? One of the reasons we introduced QR code based auth is because we observed project managers setting very weak passwords and doing things like writing them on posters or having them shared verbally in potentially sensitive locations.


Here is one little bit more secure option that don't reveal usernames in CSV.

  1. Hash 'username' (h1) and hash 'username+password' (h2), put these data in a CSV file.
  2. In the beginning of survey ask user to enter username and password (text vars).
  3. Calculate digest of entered username (d1).
  4. Calculate digest of entered username + entered password (d2).
  5. Create one more calculate variable and use pulldata() function to fetch h2 from CSV using d1 as index.
  6. Check if d2 matches the fetched h2.
  7. If strings match, reveal main survey questions to the user and allow data entry.

You can also fetch h1 from CSV using d2 as index, and then check whether fetched h1 matches d1.