IT Expert, Networking — January 29, 2021 at 10:17 am

Public Wi-Fi Security Best Practices

The common experience of public Wi-Fi is usually frustrating and unreliable due to the cumbersome and repetitive authentication process.

In theory, once a device is connected and authenticated to a public Wi-Fi network for the first time, the user will be reconnected to the same network again automatically. But this is not always the case. Frequently, reauthentication of the device is required, which is time-consuming and irritating.

To avoid this problem, users often avoid public Wi-Fi networks altogether and use their mobile data connection instead. The user experience with mobile data is much better because it doesn’t require any action and just works.

What is Passpoint

To solve the authentication issues, the Wi-Fi Alliance developed a protocol called Passpoint®. The current version is Passpoint (Hotspot 2.0), which completely eliminates the need for users to reauthenticate.

Once authenticated for the first time, users can access Wi-Fi in a stadium, airport, hotel, or public space with Passpoint, which automates the login process. This enables a seamless connection between Wi-Fi hotspot networks and mobile devices, all while delivering enterprise-level security.

Benefits of Public Wi-Fi

Due to the cost of mobile data connections, Wi-Fi offers a unique possibility to gain part of the outdoor market with a free service with very high or no traffic limit. Traffic limits or caps are one of the main reasons people still use Wi-Fi for laptops outside of the home and office.

Free public Wi-Fi is commonplace in airports and hotels because they are willing to pay for the infrastructure. However, a city can offer similar services utilizing streetlight poles and cable tubes that it already owns and manages, thereby covering large areas and reaching many people. Government grants are available in many countries for such projects, e.g., WiFi4EU in Europe.

Practical uses for Passpoint

Passpoint helps operators in other ways too. Mobile operators that want users to offload some traffic from their mobile infrastructure can offer a Wi-Fi data service that integrates seamlessly with their mobile infrastructure.

Passpoint also works between different operators that share the same authentication database. For example, an operator in one country can sign an agreement with an operator in another country to provide Wi-Fi to their users without any additional action from the user. This enables users to have the same straightforward Wi-Fi experience when traveling abroad.

For example, hotel chains can offer Wi-Fi to their users independently of the location. Airports can offer services in any area without the need to reauthenticate. Universities can simplify the current intra-university Wi-Fi access for students coming from different campuses, and so on.

Captive Portal Explained

Although Passpoint simplifies access to public networks, there are similar methods for Wi-Fi services in private spaces. One of the most common is called Captive Portal, which offers three authentication methods, all supported by Allied Telesis wireless solutions.

Click-Through: This method asks users to agree to the terms of use (Click-Through Agreement) before allowing them to connect to the wireless network. This doesn’t require any user registration, but it allows you to ask users to agree to the necessary terms.

Internal and External RADIUS Authentication: This method authenticates wireless clients using an external RADIUS server, where client credentials are matched against authentication records.

Captive Portal Page Redirection: This method redirects the authentication page to a user-configured URL such as a third-party Captive Portal vendor page. This is an easy method for guests to log in via the third-party vendor and is common in hotels, airports and other large public spaces.

Passpoint offers new possibilities for any operator, public or private, solving the reauthentication problem and creating new space for Wi-Fi outdoors and in public spaces. Together with Captive Portal, these robust and secure user authentication methods are effortless to use. Their use can increase Wi-Fi usage over mobile data, resulting in lower cost and greater data consumption.

Allied Telesis has a range of Passpoint-certified access points suitable for indoor and outdoor use. Their No Compromise Wi-Fi autonomous management solution enables large-scale wireless networks to be built and operated with ease. Smart city planners can take advantage of these features to provide their citizens with easy-to-use Wi-Fi in public spaces, museums, libraries, streets, and parks.