Source: Sam Churchill/Flickr
CC BY 2.0
What is Passpoint WiFi and How It Works
Brought to you by the folks at the Wi-Fi Alliance, Passpoint provides a “seamless, secure connection to Wi-Fi® hotspot networks.” But, like all good apps, Passpoint has evolved to do much more. Below, we’ll explain further what Passpoint WiFi is and how it works.
Although Passpoint has been around since 2012, many WiFi users remain unaware of its functionality, yet use it every day. You may have heard of “Hotspot 2.0,” the marketing-friendly term for Passpoint.
WiFi Passpoint Overview
At its most basic level, Passpoint simplifies and streamlines connectivity to WiFi hotspots, authenticating users’ devices automatically. Consider it in the context of a spiderweb of cell-phone towers. But instead of handing off your device’s signal between cell towers, Passpoint jumps connectivity from one hotspot to another.
Without Passpoint, your device would have to login every time it accessed a different hotspot. Passpoint lets users sign in once, then uses their credentials as their devices hop from one access point (AP) to the next. Users’ authentication occurs every time they connect. Of course, the hotspot (i.e., router) must support Passpoint for this connectivity transfer to happen.
Passpoint aka IEEE 802.11u-2016
For Passpoint, the Wi-Fi Alliance amended the IEEE 802.11-2007 standard to facilitate inter-connectivity with external WiFi networks. These amendments address functionality issues such as:
-
Automatic discovery and selection of WiFi networks with Access Network Query Protocol (ANQP), which uses metadata (IP address type, EAP authentication, NAI realms, etc.) to process network choices;
-
Traffic shaping—i.e., QoS device distribution—for quality Internet experiences;
-
Facilitation of WiFi mesh deployment (including user end devices as network nodes);
-
Facilitation of cellular traffic (LTE, 3G) offloads to WiFi networks.
Hotspot 2.0 is meant to benefit all network stakeholders. Users receive better WiFi coverage while lowering their mobile carrier data usage. MNOs relieve congestion on their mobile networks by downloading traffic to WiFi networks. Too, WiFi providers monetize their service by devising marketing strategies based on user purchasing choices, demographics and location data.
Here, we turn to Ruckus Networks Senior Principal Engineer Dave Stephenson and his explanation of Passpoint 2.0:
How Secure is Passpoint?
Given that the IAG has consistently admonished WiFi users to safeguard their online security by using VPNs when surfing the web via public hotspots, questioning the security features of Passpoint is appropriate.
At present, Passpoint supports both WPA2 and WPA3 for “expanded enterprise-level security.” As we noted in a recent IAG article, both of these security algorithms can be cracked.
In particular, Hashcat is quite effective in solving WPA2 ciphers. And, according to a team of American and Israeli computer security experts, the Wi-Fi Alliance dropped the ball on safeguarding WPA3’s SAE handshake, baking several design flaws into the specification.
Hence, we still recommend the use of a robust VPN whenever availing of the Internet at a public hotspot. Or, if you’re really paranoid about cybersecurity, eschew WiFi totally and use a hard-wired Ethernet connection instead.
Passpoint Support
It’s taken a while but OEMs, MNOs, MSOs and OS platforms all now widely deploy Passpoint across their devices. However, Passpoint is not an obligatory addition for OEMs, which may choose to embed it into their devices or not. Note that Passpoint can be found on both SIM and non-SIM Wi-Fi devices.
Should a device’s software support Passpoint, the manufacturer is obliged to fulfill “expected functionality,” which essentially means compliance with the 802.11u standard.
In iOS, Passpoint is built into the WiFi manager. So, if WiFi is on, so is Passpoint. Only by turning off WiFi can the user disable Passpoint.
As alluded to above, Android makes Passpoint an option found in the device’s WiFi menu. Go to the “Advanced” or “More” section of the WiFi menu and select either “Hotspot 2.0” or “Passpoint.” Check the box to turn Passpoint on, or clear the box to turn Passpoint off.
Operating systems that support Passpoint include
-
Android (since “Marshmellow,” aka 6.0)
-
Windows 10
-
iOS/macOS (10 and above for both)
Devices include:
-
Routers sold by Ruckus, Han Networks, Alcatel-Lucent, LG, Fujitsu, D-Link, Cisco-Meraki, Arris, Broadcom and manymany other OEMs.
-
Phones include iPhone 11/Pro/Max, Samsung Galaxy Note 10+ and Galaxy S7, and models made by Fujitsu, LG, Sony, Qualcomm, Motorola and manymany others.
Other categories consist of”Computers & Accessories,” “Gaming, Media & Music,” “Smart Home,” “Tablets, Ereaders & Cameras” and “Televisions & Set Top Boxes.” All told, as of 15 January 2020, over 48,000 consumer products are Passpoint-certified. Almost a quarter of these are routers. For a complete list of devices, see this.
We recommend users adopt Passpoint r2, as opposed to the earlier r1. Also, the Alliance released r3 in May 2019, but if history is a reliable indicator, OEMs will take their time implementing the new release into their devices.
MSOs, MNOs and Passpoint
Passpoint wouldn’t work without the cooperation of mobile operators (viz, MNOs) and implementations by MSO (viz, “the cable company”) providers.
MNOs, in particular, were slow to embrace Passpoint, and who could blame them? They paid big money to license spectrum to carry their mobile wireless traffic, and originally viewed WiFi as a threat to their bottom line.
But with the explosion of mobile device usage and the congestion of ever-growing traffic loads on their networks, they’re now all too glad to offload traffic to WiFi networks whenever possible. In the U.S., AT&T, T-Mobile and Sprint all take advantage of Passpoint (but not Verizon; see below).
More crucial to the user’s optimal Passpoint WiFi experience is the coordination of network assets among various MSOs implementing Hotspot 2.0. Indeed, this “roaming-partner” arrangement was the point behind Passpoint’s development.
American MSOs Comcast, AT&T, Spectrum and Boingo Wireless all provide Passpoint-capable networks. When you see an advert for an ISP provider claiming that it offers hundreds of thousands of free public WiFi hotspots to subscribers, it’s due in large part to Passpoint technology.
Verizon Passes On Passpoint
Big Red is an outlier among its competitors in that it eschews supporting Passpoint. Thus, Verizon subscribers aren’t automatically foisted onto a Passpoint-enabled network when one is available.
In a statement to fiercewireless.com, Verizon was vague regarding their reticence to support Passport, only stating that the carrier is “evaluating the use of Hotspot 2.0/Passpoint WiFi technology for future use.”
FierceWireless editor-in-chief Mike Dano speculates that Verizon’s disinclination toward Passpoint is due to the carrier’s “longtime desire to retain direct control over its customers’ network experience.” Hence, “Verizon may not want to trust other companies to provide good service to its customers.”
Of course, other, less altruistic motives are in play. Verizon championed LTE-U, an alternative to carrier-owned WiFi hotspots. Originally proposed by Qualcomm, this technology uses LTE over unlicensed spectrum (i.e., the 5 GHz WiFi frequency). Verizon founded the LTE-U Forum in 2014 to create specs for consumer devices and base stations operating on LTE-U.
First opposing the deployment of LTE-U was Google, which filed a formal protest over LTE-U with the FCC in 2015. They were joined months later by the Wi-Fi Alliance and the National Cable & Telecommunications Association (NCTA), both of which voiced concerns that LTE-U would significantly diminish the performance of other WiFi devices.
The following year, the Wi-Fi Alliance heralded a “co-existence” test plan for use with both Wi-Fi and LTE-U. Shortly thereafter, however, both Qualcomm and Verizon balked at implementing the test plan. Big Red claimed the plan was “fundamentally unfair and biased.”
LTE-U is in use today across limited portions of the U.S. by both Verizon and T-Mobile, using base stations manufactured by Nokia and Ericsson. As of July 2019, the technology had been deployed by 37 operators in 24 countries worldwide.
Coda
Facilitated by Passpoint, Europeans enjoy much more universal WiFi coverage than Americans. The Wi-Fi Alliance explicitly claims that Passpoint is “specified for WiFi4EU,” an “initiative (that) promotes free access to Wi-Fi connectivity for citizens in public spaces including parks, squares, public buildings, libraries, health centers and museums in municipalities throughout Europe.”
Note that “only the municipalities (or equivalent local administrations) or associations of municipalities may participate.” Requirements include offering users Internet connection download speeds of “at least” 30 Mbps, AP compliance with the IEEE 802.11ac standard, supporting “at least 50 concurrent users without performance degradation” and compliance with Hotspot 2.0.
Of course, such a government initiative takes the profit “air” out of the carrier-sponsored WiFi hotspot model as it currently exists in the U.S. Thus, it comes as little wonder that “engulf and devour” MNOs like Verizon would favor LTE-U over Passpoint.