Public Wi-Fi Security Best Practices

By Graham Walker

The common experience of public Wi-Fi is usually frustrating and unreliable due to the cumbersome and repetitive authentication process.

In theory, once a device is connected and authenticated to a public Wi-Fi network for the first time, the user will be reconnected to the same network again automatically. But this is not always the case. Frequently, reauthentication of the device is required, which is time-consuming and irritating.

To sidestep this problem, users often avoid public Wi-Fi networks altogether and use their mobile data connection instead. The user experience with mobile data is much better because it doesn’t require any action and just works.

What is Passpoint?

To solve the authentication issues, the Wi-Fi Alliance developed a protocol called Passpoint®. The current version is Passpoint (Hotspot 2.0), which eliminates the need for users to reauthenticate.

Once authenticated for the first time, users can access Wi-Fi in a stadium, airport, hotel, or public space with Passpoint, which automates the login process. This enables a seamless connection between Wi-Fi hotspot networks and mobile devices while delivering enterprise-level security.

Benefits of Public Wi-Fi

Because mobile data connections are costly, Wi-Fi has a unique opportunity to win part of the outdoor market by offering a free service with a very high traffic limit or none at all. Traffic limits or caps are one of the main reasons people still use Wi-Fi for laptops outside of the home and office.

Free public Wi-Fi is commonplace in airports and hotels because they are willing to pay for the infrastructure. However, a city can offer similar services utilizing streetlight poles and cable tubes that it already owns and manages, thereby covering large areas and reaching many people. In many countries, government grants are available for such projects, e.g., WiFi4EU in Europe.

Practical Uses for Passpoint

Passpoint helps operators in other ways too. Mobile operators that want users to offload some traffic from their mobile infrastructure can offer a Wi-Fi data service that integrates seamlessly with their mobile infrastructure.

Passpoint also works between different operators that share the same authentication database. For example, an operator in a single country can sign an agreement with an operator in another country to provide Wi-Fi to their users without any additional action from the user. This enables users to have the same straightforward Wi-Fi experience when traveling abroad.

For example, hotel chains can offer Wi-Fi to their users independently of the location. Airports can offer services in any area without the need to reauthenticate. Universities can simplify the current intra-university Wi-Fi access for students coming from different campuses, and so on.

Captive Portal Explained

Although Passpoint simplifies access to public networks, there are similar methods for Wi-Fi services in private spaces. One of the most common is Captive Portal, which offers three authentication methods supported by Allied Telesis wireless solutions.

Click-Through

This method asks users to agree to the terms of use (Click-Through Agreement) before allowing them to connect to the wireless network. This doesn’t require any user registration, but it allows you to ask users to agree to the necessary terms.

Internal and External RADIUS Authentication

This method authenticates wireless clients using an external RADIUS server, where client credentials are matched against authentication records.

Captive Portal Page Redirection

This method redirects the authentication page to a user-configured URL such as a third-party Captive Portal vendor page, simplifying login for guests. This method is commonly available in hotels, airports, and other large public spaces.

Easy Wi-Fi Authentication

Passpoint offers new possibilities for any operator, public or private, solving the reauthentication problem and creating new space for Wi-Fi outdoors and in public spaces. Together with Captive Portal, these robust and secure user authentication methods are effortless. Their use can increase Wi-Fi usage over mobile data, resulting in lower costs and greater data consumption.

Allied Telesis has a range of Passpoint-certified access points suitable for indoor and outdoor use that support their No Compromise Wi-Fi autonomous management solution, enabling large-scale wireless networks to be built and operated with ease. Smart city planners can use these features to provide their citizens with easy-to-use Wi-Fi in public spaces, museums, libraries, streets, and parks.