Hi team, I want to report an issue related to our current survey setup in Kobo.
Summary
Our enumerators access the survey using a QR code we provide. The QR includes the login link, username, and password. When they scan the QR in the Kobo app, the app logs them in automatically and they start filling and submitting the survey. Until recently, the username and password in the link could be anything, because Kobo still accepted submissions even when the credentials were not real.
Chronology
-
Our surveyors have been using the dummy login (embedded in the QR) without any problem.
-
Yesterday the surveyors informed us that they were no longer able to submit their surveys. They still access the form, fill it in, and save drafts, but the submission fails when using the dummy credentials. (They reported that a notification appeared during submission)
-
But when I tested the same process using the real username and password. The submission works.
-
This confirms the issue is linked to Kobo now enforcing real login credentials for submissions.
Current concern
The QR method becomes risky. If we embed the real username and password in the QR code, enumerators will see our actual account credentials. This is not acceptable for access-control and data-security reasons.
Request
I need your help to clarify the following points.
-
Did Kobo change the submission rule so dummy credentials are no longer accepted?
-
Is there an alternative method that lets enumerators submit surveys without exposing the real login details?
-
If QR-based auto-login is still supported, what is the correct way to configure it now so it stays secure?
If you need more information from our side, let me know and I will provide it.
Thanks.
