We provide several authentication methods to register your guests. In this article, we will see the differences between them and how that translates into privacy or security concerns and also user experience.
Declarative
This is the most basic way of authenticating your users. Nothing is mandatory beyond accepting the terms of use. Additional fields may be added to collect more data like full name, country, or phone number.
The user experience may vary on the number of fields required to register. However, when this number is low, the UX (User Experience) is quite good.
The security level of this method is very poor. MAC address may be spoofed and any detail entered by the user may be false.
Email authentication requires a verified email to receive the credentials. Any additional field can be added.
This method requires the user to be able to access his mailbox to receive the credentials. This hinders the UX.
Email verification is not bulletproof in regard to security as it is quite easy to have an anonymous email.
SMS
Authenticating your users via SMS-delivered credentials is a fast and secure method. More fields can be added to collect more data.
SMS is really convenient for the user, the only drawback is that on a handful of devices, the user may have to disconnect to copy the password from the SMS.
SMS is a very secure authentication. It is mandatory in some countries for hotspots like China or Russia.
Social networks
Social networks are an expeditious and safe way to register users. The social ID is collected, and some emails may be available.
The UX is excellent, as the user can register and connect quickly.
The level of security for social networks is median. Most social networks usually verify their users and collaborate with governments when requested.
Sponsor
Sponsored authentication is a way to control access to your hotspot tightly. Only guests endorsed by a sponsor can have credentials to log in.
It is less convenient for the user, but this trade-off gives maximum security for sensitive hotspots.
The type column of the identities list
In the Identities page of the admin console, you can see the type of each identity in the identities list. This is the registration method used to authenticate the user. You can see all the varieties we covered in this article, plus some that may need an explanation.
-
Sponsored email: The user register and receive credentials on his/her email to log into the service. Think self-register with credentials.
-
Lobby email: if an administrator created the credentials through the lobby page, the "@company.cloudi-fi.com" email will be displayed here.
-
The sponsor's email: When the sponsor validates the authentication with the mail he received, his/her address will be displayed here.