diff --git a/functions.lua b/functions.lua
index 7f7ea15..96eb50d 100644
--- a/functions.lua
+++ b/functions.lua
@@ -142,12 +142,18 @@ function otp.generate_totp(secret_b32, unix_time)
 end
 
 function otp.create_qr_png(data)
-    local height = #data
+    local height = #data + 2
     local width = height
 
     local png_data = {}
+    -- top padding
+    for _=1,width do
+        table.insert(png_data, 0xFFFFFFFF)
+    end
+
     for _, row in ipairs(data) do
-        assert(#row == #data)
+        -- left padding
+        table.insert(png_data, 0xFFFFFFFF)
         for _, v in ipairs(row) do
             if v > 0 then
                 table.insert(png_data, 0xFF000000)
@@ -155,9 +161,16 @@ function otp.create_qr_png(data)
                 table.insert(png_data, 0xFFFFFFFF)
             end
         end
+        -- right padding
+        table.insert(png_data, 0xFFFFFFFF)
     end
-    assert(#png_data == width*height)
 
+    -- bottom padding
+    for _=1,width do
+        table.insert(png_data, 0xFFFFFFFF)
+    end
+
+    assert(#png_data == width*height)
     return minetest.encode_png(width, height, png_data, 2)
 end
 
diff --git a/onboard.lua b/onboard.lua
index e1b2a7c..bf3e2f6 100644
--- a/onboard.lua
+++ b/onboard.lua
@@ -26,9 +26,12 @@ minetest.register_chatcommand("otp_enable", {
         local secret_b32 = otp.get_player_secret_b32(name)
 
         -- url for the qr code
-        local url = "otpauth://totp/" .. issuer .. ":" .. name .. "?algorithm=SHA1&" ..
-            "digits=6&issuer=" .. issuer .. "&period=30&" ..
-            "secret=" .. secret_b32
+        local url = "otpauth://totp/" .. issuer .. ":" .. name .. "?algorithm=SHA1" ..
+            "&digits=6" ..
+            "&issuer=" .. issuer ..
+            "&period=30" ..
+            "&secret=" .. secret_b32 ..
+            "&image=https://raw.githubusercontent.com/minetest/minetest/master/misc/minetest-xorg-icon-128.png"
 
         local ok, code = otp.qrcode(url)
         if not ok then