Passpoint (Hotspot 2.0): marketing opportunities for resellers
Key takeaways: Passpoint (Hotspot 2.0) enables devices to connect to WiFi networks automatically using carrier or enterprise credentials — no captive portal, no login screen. For WiFi marketing resellers, this sounds like an existential threat. It's not. Passpoint adoption in the SMB and hospitality segments (where WiFi marketing lives) is minimal. Carrier Passpoint deployments are concentrated in airports, stadiums, and transit hubs. The vast majority of venues that WiFi marketing resellers serve will continue using captive portals for the foreseeable future. The real opportunity: hybrid deployments where Passpoint handles connectivity and a parallel guest SSID handles data capture.
Technical details reflect Passpoint certification status as of Q1 2026. Deployment patterns continue to evolve.
Passpoint keeps showing up in industry conversations. AP vendors include it in product specs. Carrier networks are deploying it in selected locations. WiFi industry analysts predict it will "transform the guest WiFi experience."
For resellers who make their living from captive portal data capture, the question is pointed: if guests connect automatically without a login page, what happens to the data?
The answer requires separating what Passpoint is from what Passpoint does in practice.
What Passpoint actually does
Passpoint is a certification program from the Wi-Fi Alliance, based on the IEEE 802.11u standard (also called Hotspot 2.0). It enables a device to discover, select, and connect to a WiFi network automatically — without user interaction.
How it works
- •
Credential provisioning. The device is provisioned with credentials from a "home" provider — typically a mobile carrier (AT&T, Verizon, T-Mobile) or an enterprise (company IT department). These credentials are stored on the device's SIM card or in a profile.
- •
Network discovery. When the device encounters a Passpoint-enabled SSID, it queries the AP for its list of supported credential providers (via ANQP — Access Network Query Protocol).
- •
Automatic authentication. If the AP supports the device's home provider, the device authenticates automatically using EAP-SIM, EAP-AKA, or EAP-TLS. No captive portal. No user input. The connection happens silently.
- •
Roaming. Passpoint supports inter-provider roaming, similar to cellular roaming. A T-Mobile subscriber can connect to a Passpoint SSID operated by Boingo or a hotel chain, if there's a roaming agreement.
The result
From the user's perspective: they walk into a venue, and their phone connects to WiFi without any action. No SSID selection. No login screen. No password. The experience is identical to cellular data — except it's WiFi.
Why Passpoint is not an immediate threat to WiFi marketing
Deployment reality
Passpoint has been ratified since 2012. That's 14 years ago. In that time, deployment has been concentrated in:
- •Airports — Boingo operates Passpoint-enabled networks at 40+ U.S. airports
- •Stadiums and arenas — Some NFL, NBA, and MLB venues have Passpoint SSIDs
- •Convention centers — Primarily those managed by large WiFi operators
- •Hotels — Select major chains (Marriott, Hilton) in limited locations
- •Transit — Some metropolitan transit systems (NYC subway, London Underground)
Where Passpoint is not deployed:
- •Independent restaurants, cafes, and bars
- •Retail stores
- •Gyms and fitness centers
- •Salons and spas
- •Medical offices and clinics
- •Small hotels and B&Bs
- •Auto dealerships and service centers
- •Laundromats
- •Churches and nonprofits
- •Breweries and wineries
In other words, Passpoint is absent from every single vertical that WiFi marketing resellers serve.
Why SMBs won't deploy Passpoint
Three structural barriers keep Passpoint out of SMB venues:
1. Infrastructure requirements. Passpoint requires enterprise-grade APs with 802.11u support, a RADIUS server (or cloud RADIUS service), and a credential management system. The typical restaurant or retail store doesn't have — and doesn't need — any of this. Their Ubiquiti AP with a cloud-managed captive portal works fine.
2. No revenue model. Passpoint enables automatic connectivity. It doesn't capture data. It doesn't display a branded portal. It doesn't enable marketing automation. The venue gets nothing except a slightly smoother WiFi experience for the subset of guests whose carriers have Passpoint agreements. There's no business case for the venue operator.
3. Carrier fragmentation. Passpoint requires agreements between the venue's WiFi operator and mobile carriers. Each carrier has its own credentialing system and roaming terms. Setting up these agreements is enterprise-level work. A 3-location restaurant chain isn't negotiating Passpoint roaming agreements with AT&T.
The 10-year horizon
Will Passpoint eventually reach SMB venues? Possibly. But the path requires:
- •AP vendors shipping Passpoint as a default-on feature in sub-$200 APs
- •A universal credential standard that covers all major carriers
- •A revenue-sharing model that gives venues an incentive to participate
- •Venue operators who care about carrier WiFi offload (they currently don't)
None of these conditions exist in 2026. Resellers selling WiFi marketing to restaurants, retail, hospitality, and service businesses today should not be concerned about Passpoint displacing their captive portal deployments.
Where the opportunity lives
Passpoint creates opportunities for WiFi marketing resellers in two areas.
1. Hybrid deployments: Passpoint + Guest SSID
In venues where Passpoint is deployed (airports, stadiums, convention centers, large hotels), the Passpoint SSID handles carrier-authenticated connections. But not every device authenticates via Passpoint. International visitors, prepaid phone users, and devices without carrier Passpoint support still need a guest WiFi option.
The opportunity: A parallel guest SSID with a captive portal captures data from non-Passpoint devices. In an airport, that might be 40–60% of connections (international travelers, budget carrier users). The captive portal guest SSID runs alongside the Passpoint SSID on the same hardware.
For resellers working with airport authorities, convention centers, or hotel chains, the pitch is: "Passpoint handles your carrier users. Our captive portal captures everyone else — and gives you the marketing data that Passpoint doesn't."
2. Passpoint as a premium tier
Some venues may eventually offer Passpoint as a premium WiFi tier: instant, no-portal connectivity for loyal customers or program members.
The model:
- •Free WiFi: Captive portal with email login → data capture → marketing automation
- •Premium WiFi: Passpoint authentication for members/VIPs → no portal → seamless connection
This tiered model gives venues the best of both worlds. First-time visitors provide their email through the captive portal. Returning, high-value guests get a frictionless Passpoint experience as a loyalty benefit.
The WiFi marketing platform manages the captive portal tier. The Passpoint tier operates independently (or through the AP vendor's controller). Both SSIDs coexist on the same hardware.
3. Data enrichment beyond the portal
As Passpoint adoption grows in certain venues, the data capture model shifts. Instead of capturing email at the portal, venues might capture data through:
- •Post-connection surveys — After Passpoint authentication, redirect to a satisfaction survey or promotion page
- •Location analytics — Track device movement and dwell time without captive portal interaction
- •In-app capture — Prompt users to download a venue app or join a loyalty program after Passpoint connection
- •Web analytics — Track browsing behavior on the venue's landing page (served post-connection)
These approaches are less direct than captive portal email capture, but they represent the evolution of WiFi marketing in Passpoint environments.
Technical details for resellers
Passpoint and captive portal coexistence
A single AP can broadcast multiple SSIDs. One SSID can run Passpoint (802.11u). Another SSID can run a standard captive portal. The controller manages both.
Example configuration:
| SSID | Authentication | Portal | Purpose |
|---|---|---|---|
| Venue_WiFi | Passpoint (EAP-SIM) | None | Carrier auto-connect |
| Venue_Guest | WPA2/Open + captive portal | MyWiFi portal | Data capture |
| Venue_Staff | WPA2-Enterprise | None | Staff network |
This configuration runs on any enterprise AP that supports Passpoint and multiple SSIDs — which includes most current Meraki, Aruba, Ruckus, and UniFi APs.
ANQP and venue information
Passpoint APs broadcast venue information through ANQP (Access Network Query Protocol), including:
- •Venue name and type
- •Roaming consortium list (which carriers are supported)
- •NAI realm list (authentication methods)
- •WAN metrics (backhaul speed and status)
- •IP address availability
- •Operating class
This information is consumed by the device's Passpoint client, not by the guest. It's invisible to the user experience and irrelevant to captive portal operation on the parallel guest SSID.
OpenRoaming: the next evolution
OpenRoaming is a WBA (Wireless Broadband Alliance) initiative that simplifies Passpoint roaming by creating a global federation of WiFi identity providers. Instead of bilateral roaming agreements between individual carriers and venues, OpenRoaming uses a trust framework similar to eduroam (the academic WiFi roaming network).
OpenRoaming is more likely than traditional Passpoint to reach SMB venues because it reduces the setup complexity. A venue doesn't need carrier-specific agreements — it joins the OpenRoaming federation and accepts credentials from any participating identity provider.
Reseller implication: If OpenRoaming reaches SMB venues (timeline uncertain, likely 2028+), it could reduce the percentage of guests who encounter the captive portal. Resellers should monitor OpenRoaming adoption but shouldn't change their current deployment strategy based on a future that hasn't materialized.
The bottom line for resellers
Passpoint is a real technology with a real (if narrow) deployment footprint. It doesn't threaten the WiFi marketing reseller business model for three reasons:
- •
It's not deployed where resellers sell. SMB venues — restaurants, retail, hospitality, services — don't use Passpoint and have no incentive to adopt it.
- •
It doesn't capture data. Passpoint eliminates the login screen. That's great for connectivity. It's terrible for data capture. Any venue that wants to build a guest database still needs a captive portal.
- •
It creates a new deployment tier, not a replacement. In venues that do adopt Passpoint, the captive portal doesn't disappear — it serves the non-Passpoint segment alongside the Passpoint SSID.
Resellers should understand Passpoint at a conversational level (it will come up in technical discussions with IT directors and MSPs), but it shouldn't change how you sell, deploy, or price WiFi marketing services today.
FAQ
Will Passpoint make captive portals obsolete? Not in the SMB segment. Captive portals serve a fundamentally different purpose than Passpoint: data capture and marketing. Passpoint optimizes connectivity. They solve different problems and will coexist indefinitely.
Do any MyWiFi-supported APs support Passpoint? Yes. Most enterprise APs from Meraki, Aruba, Ruckus, and UniFi support Passpoint (802.11u). A single AP can run Passpoint on one SSID and a MyWiFi captive portal on another SSID simultaneously.
Should I mention Passpoint when pitching venue owners? Only if the venue owner asks about it. For 99% of SMB deployments, Passpoint isn't relevant. If an enterprise client or MSP asks, explain the hybrid model: Passpoint for carrier users, captive portal for data capture.
What about Apple's Private Relay and its interaction with Passpoint? Apple Private Relay routes Safari traffic through Apple's proxy network, obscuring the user's IP address. This affects web analytics but doesn't affect captive portal data capture (which happens at the authentication layer before browsing begins). Private Relay and Passpoint are orthogonal technologies.
Is OpenRoaming something I should prepare for? Monitor it, but don't change your strategy. OpenRoaming adoption in SMB venues is at least 2–3 years away. When it arrives, the hybrid deployment model (OpenRoaming + guest captive portal) will apply the same way Passpoint + guest SSID works today.
Resellers working with enterprise venues can explore the hardware compatibility list to identify APs that support both Passpoint and captive portal SSIDs for hybrid deployments.