Wifi Authentication In Marriott Hotels
#1
Original Poster
Join Date: Feb 2018
Programs: Bonvoy :Ambassador , ALL :Diamond, Skywards :Silver, Krisflyer :Silver
Posts: 2,802
For my last couple of stays, somehow in-room wifi no longer asks for authentication (room number - last name).
So when connecting to the hotel wifi network, both my laptop and mobile phone show a different landing page.
Instead of the usual one asking for room number and last name, it straight away shows welcome (member's name) and information that it was connected to their premium wifi or whatever wifi they have.
The same happens when I visit a Marriott hotel and do not stay with them.
The hotels where I experienced this are:
St Regis Nusa Dua, Fairfield Legian, The Ritz Carlton Mega Kuningan, and W Seminyak (I only visited their bar at W Seminyak)
I did stay at St Regis Nusa Dua and The Ritz Carlton Mega Kuningan previously but I never visited either W Seminyak or Fairfield Legian.
(Interestingly it happens with the Accor hotels portfolio as well)
Does Marriott somehow centralise their authentication services and recognise the devices?
#5
Join Date: Jul 2018
Location: Italy
Programs: Accor Gold, Marriott Titanium, IHG Diamond , Amex Platinum
Posts: 1,484
I’m having the same experience actually at Sofia Balkan hotel and Sense hotel Sofia ...
no password (or name / room number) required at both the properties.
#6
Join Date: Mar 2003
Location: Pittsburgh, PA, USA
Programs: MR LT Titanium, IHG Plat.,UA Premier Silver, & PA/OH Turnpike Million Miler
Posts: 2,306
Typically this is done by installing a certificate on the device during the initial login. The certificate is encrypted and basically an alternate form of credentials without username and password. Certificates are considered to be very secure. There are mechanisms with certificates to ensure authenticity via trust authorities. Not 100% sure Marriott nor Sofia are using this technique, but I'm thinking it is likely that they are doing so.
--Jon
#7
Join Date: Nov 2008
Location: NYNY
Programs: Marriott Ambassador & LT Titanium, UA Silver, AA PLT
Posts: 842
Typically this is done by installing a certificate on the device during the initial login. The certificate is encrypted and basically an alternate form of credentials without username and password. Certificates are considered to be very secure. There are mechanisms with certificates to ensure authenticity via trust authorities. Not 100% sure Marriott nor Sofia are using this technique, but I'm thinking it is likely that they are doing so.
--Jon
#8
Join Date: Mar 2003
Location: Pittsburgh, PA, USA
Programs: MR LT Titanium, IHG Plat.,UA Premier Silver, & PA/OH Turnpike Million Miler
Posts: 2,306
MAC Authentication is totally insecure. It is very easy to spoof a MAC address. If Marriott is doing that, it is very unfortunate. Not saying they are not, just pointing out it is a very bad authentication technique.
--Jon
#9
Join Date: Aug 2007
Programs: DL DM
Posts: 1,079
Wouldn’t that just result in free access for the person doing the spoofing? What’s the threat to the real MAC address owner?
#10
Join Date: Mar 2003
Location: Pittsburgh, PA, USA
Programs: MR LT Titanium, IHG Plat.,UA Premier Silver, & PA/OH Turnpike Million Miler
Posts: 2,306
Depends. If they're only using the MAC Authentication to control access to WiFi, then I agree it limits the exposure. On the other hand, if you're making it that easy to get on the WiFi, no reason to bother with authentication at all and just make it a truly open SSID. The potential exposure comes if at some point Marriott (or other companies) start using MAC Authentication as a way to do authorization for your MR (or other company) account. Granted I haven't seen Marriott nor anyone else do this yet; however, who knows where they will go next. Using MAC Authentication sets a bad precedent. My two cents....
--Jon
#11
Join Date: May 2017
Posts: 120
It already IS an open SSID - the portal you sign in on only controls whether their system lets your connection go through to the public internet or not. Since it's an open network (IE, not secured with a password/WPA2 key), everyone can see everyone else's data packets. You're relying on either your own VPN or an encrypted connection to the website you're accessing for security.
The only way they could defeat that would be to give everyone a unique username and password to log in to the Wi-Fi with, which would not be practical.
Last edited by PrancingPonyGoldMember; Jan 16, 2020 at 4:05 pm
#12
Join Date: Mar 2003
Location: Pittsburgh, PA, USA
Programs: MR LT Titanium, IHG Plat.,UA Premier Silver, & PA/OH Turnpike Million Miler
Posts: 2,306
It already IS an open SSID - the portal you sign in on only controls whether their system lets your connection go through to the public internet or not. Since it's an open network (IE, not secured with a password/WPA2 key), everyone can see everyone else's data packets. You're relying on either your own VPN or an encrypted connection to the website you're accessing for security.
The only way they could defeat that would be to give everyone a unique username and password to log in to the Wi-Fi with, which would not be practical.
My two cents, eliminate captive portals or simply have them be a click and go on acceptable use terms. WiFi is a utility now like running water, electric power, HVAC, etc. Too many devices have issues with captive portal implementations which makes it difficult for unsophisticated users (and if it is broken enough all users) to access the WiFi.
--Jon
Last edited by Jon Maiman; Jan 16, 2020 at 4:28 pm
#15
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Not all hotels use this. Many give you the option of regular wifi or deluxe wifi for Gold and Platinum (as the splash page states) and you choose. Then others recognize my device and say welcome back.
By the way, IHG hotels all do the recognition now too.