It’s Time to Rally Behind Passpoint

Buried in the list of shiny features, like updated Memojis and the ability to start your car with your iPhone, Apple’s new iOS 14 has a subtle new configuration setting that isn’t getting the same kind of press. It will no doubt have big implications for anyone managing a Wi-Fi network. This move is indicative of a trend that spans the mobile device market and could abruptly change the way a guest or tenant experience is delivered.


Back in 2014, Apple released iOS 8 with a “MAC Address Randomization” feature. For those of you who aren’t network nerds like I am, a MAC address is a unique identifier that’s specific to the hardware of the device. This unique identifier is commonly used by network operators to classify the device type, and to identify the user of the device by associating it to the services rendered during the initial onboarding process. The network then leverages that information to automate and optimize the ongoing user experience. Network operators have focused on MAC addresses to respond to a variety of business objectives such as:

  • Maximizing revenue by controlling the ability to roam to other venues or network segments
  • Securing network resources by reserving usage for clients
  • Increasing customer retention by providing the most automated, frictionless experience possible

When iOS 8 was released, it came with an initial version of MAC randomization that was manageable by the wider network operator community. These identifiers were randomized when devices probed for available SSIDs (the Wi-Fi network names that you typically choose from) but remained permanently consistent when associating to each SSID. This allowed brands to continue to track their users’ devices and provide the desired service continuity while also ensuring security against potential malicious spying. Since then, Android has followed suit with similar behavior on their devices.*

NOW—iOS 14

During this year’s Apple WWDC conference, we got a first glimpse of how the MAC randomization feature is evolving and how it will impact network operators. There’s now a new setting called “Use Private Address” with no ambiguity about its purpose: “Private Wi-Fi address prevents network operators from tracking your iPhone.” While this feature was likely born out of the honorable intent to provide better privacy, its impact threatens to erase a carefully crafted user journey made possible through seamless connectivity.  In the current developer version of iOS 14, this randomization setting is enabled by default, which means that the vast majority of Apple users will have it enabled in short order when the iOS 14 upgrade is officially launched to the public later this year.

If you’re an Apple user, this means you’re likely to see more friction when you join networks at hotels, malls, cafes, airports, and other places you commonly visit. Currently, you only need to onboard a new device once. The next time you return to that location, you’re automatically authenticated. With the iOS 14 upgrade, however, that seamless auto-authentication via a MAC address will no longer exist. Additionally, networks will no longer be able to remember loyalty customers upon arrival and offering “Free Wi-Fi for 30 days to New Loyalty Members” as a marketing acquisition incentive will no longer be an enticing promotion. The impact on customer satisfaction will be measurable. Even more, it’s safe to assume that Android will follow suit with similar behavior on their devices.

Passpoint is the Answer for Network Owners

In order to mitigate this negative impact on user experience, venue owners will need to pay close attention to the technology that their network operators are using. Passpoint® is the Wi-Fi Alliance standard which automates the secure connectivity to networks. Passpoint is likely to finally get the credit it deserves thanks to its sophisticated approach to securely onboard devices to targeted Wi-Fi networks.

Passpoint improves the mobile user experience by automatically associating to Wi-Fi network hotspots using an identity stored on the device rather than the MAC address. The user experiences the same seamless access as with MAC authentication, but in a more secure and reliable fashion.

While the Passpoint standard has been around for some time now, the software that drives the one-time sign-up process to download profiles and uniquely identify users is not simple. Network operators that aren’t mature in their network, hardware, and software capabilities will struggle to provide ideal user experiences and their customer venues are sure to take notice.

ConnectionAssist is the Solution to Seamless Authentication

At Single Digits, we’ve been rallying behind this technology for years. With our ConnectionAssist solution, you can provide a simple, secure, and connected authentication experience to anyone who steps foot onto your property.

How does it work? The ConnectionAssist first-time provisioning step puts a Passpoint credential (profile) on the device and whenever that device sees that network again, it automatically provides those credentials for authentication. The end result—a seamless onboarding experience your Wi-Fi users now expect.

Learn More

By Joe Martin
Director, Sales Engineering, Single Digits



    • If you are an existing Single Digits network owner have no fear—let’s talk about streamlining your authentication and Wi-Fi experience.
    • If you aren’t a customer of ours yet, we’d like to introduce you to our network capabilities and how we can provide your customers with a connected experience that is seamless, reliable, and secure.

Contact Us

* Martin, Jeremy & Mayberry, Travis & Donahue, Collin & Foppe, Lucas & Brown, Lamont & Riggins, Chadwick & Rye, Erik & Brown, Dane. (2017). A Study of MAC Address Randomization in Mobile Devices and When it Fails. Proceedings on Privacy Enhancing Technologies. 2017. 10.1515/popets-2017-0054.


Now that you know what you’ve been missing,