We provide several authentication methods to register your guests. In this article, we will see what are the differences between them and how that translates into privacy or security concerns and also user experience.

Declarative

This is the most basic way of authenticating your users. Nothing is mandatory beyond accepting the terms of use. Additional fields may be added to collect more data like full name, country or a phone number.
The user experience may vary upon the number of fields required to register. However, when this number is low, the UX (User Experience) is quite good.

The security level of this method is very poor. MAC address may be spoofed and any detail entered by the user may be false.

Email

Email authentication requires a verified email to receive the credentials. Any additional field can be added.
This method requires the user to be able to access his mailbox to receive the credentials. This hinders the UX.

Email verification is not bulletproof in regard to security as it is quite easy to have an anonymous email.

SMS

Authenticating your users via SMS delivered credentials is a fast and secure method. More fields can be added to collect more data.
SMS is really convenient for the user, the only drawback is that on a handful of devices, the user may have to disconnect to copy the password from the SMS.

SMS is a very secure authentication. It is mandatory in some countries for hotspots like China or Russia.

Social networks

Social networks are a really quick and safe way to register users. The social ID is collected and some email may be available.
The UX is excellent as the user is able to register and connect in a few seconds.

The level of security for social networks is median. The majority of social networks usually verify their users and collaborate with governments when requested.

Sponsored authentication is a way to tightly control access to your hotspot. Only guests endorsed by a sponsor can have credentials to log in.
It is obviously less convenient for the user but this trade-off gives maximum security for sensitive hotspots.

The type column of the identities list

In the Identities page of the admin console, you can see the type of each identity in the identities list. This is the registration method used to authenticate the user. You can see all the types we covered in this article plus some that may need an explanation.

  • Sponsored email: The user register and receive credentials on his/her email to log into the service. Think self-register with credentials.

  • Lobby email: if an administrator created the credentials through the lobby page the "@company.cloudi-fi.com" email will be displayed here.

  • The email of the sponsor: ¬†When the sponsor validates the authentication with the mail he received, his/her address will be displayed here.

Did this answer your question?