Originally Posted by
Jon Maiman
Typically this is done by installing a certificate on the device during the initial login. The certificate is encrypted and basically an alternate form of credentials without username and password. Certificates are considered to be very secure. There are mechanisms with certificates to ensure authenticity via trust authorities. Not %100 sure Marriott nor Sofia are using this technique, but I thinking it is likely that they are doing so.
--Jon
Marriott is not doing this. They are saving the MAC address and linking it to your Bonvoy account.