How to Connect to Passpoint Wi-Fi on iOS

In a nutshell, Passpoint is a protocol developed by the Wi-Fi Alliance that allows users to connect securely to a Wi-Fi hotspot. Designed to operate like roaming works for cellular networks, Passpoint provides seamless roaming between different Wi-Fi carriers and securely connects users to Wi-Fi.

Passpoint is supported by almost all of the popular enterprise-class access points available. Major mobile and desktop operating systems also support Passpoint natively.

You don’t have to worry about lost connections if you travel out of state or country, as you can connect to the Wi-Fi automatically from a Passpoint-supported device.

Passpoint Connection Process: Explained

If a user has a Passpoint-enabled device and connects to a Wi-Fi network once, the device connects automatically on subsequent visits. Passpoint enables hassle-free connectivity between Wi-Fi Alliance service providers on the network and mobile devices.

It delivers enterprise-level security, automatically connects users to a network, requests Wi-Fi access, and reauthenticates at each visit. Passpoint also handles onboarding of new devices (with or without a SIM) by setting up credentials and policy information for every user device.

How to Connect Passpoint Wi-Fi on iOS

When connecting to Wi-Fi, your iOS device examines service set identifiers (SSIDs) in the following order as per Apple:

  1. The “most preferred network.”
  2. Your pre-set Private network
  3. Public network

The “Most Preferred Network”

The “preferred network” or known network is a network you connect to manually. The score for a public network is based on the number of times you manually connect or disconnect from a network.

Private Network

Private networks are those set up in offices and homes, as well as the hotspot from your iOS devices and Macs running macOS Ventura or later. The OS reconnects to any recently joined network.

Public Network

Public networks, like the Wi-Fi networks in coffee shops, airports, and hotels, can be accessed by the general public and include Passpoint, Hotspot 2.0, EAP-SIM, and any other Wi-Fi connections offered by cellular or network carriers.

When the iOS device detects the network, it connects in the following order:

  1. Any device configured using an MDM connects to a known private network rather than an unknown network. This applies mainly to devices running iOS 16.4, iPadOS 16.4, and macOS Ventura 13.3 or later.
  2. Wi-Fi 6 networks are preferred over Wi-Fi 5 networks.
  3. Frequency band: 6 GHz, then 5 GHz, then 5 GHz (DFS), then 2.4 GHz.
  4. Security: WPA Enterprise, then WPA Personal, then WEP.
  5. Unsecured/Open networks are joined only when the device cannot connect to any known network.

Enabling Passpoint/Hotspot 2.0 on an iOS device

Apple support lists the following steps to configure Hotspot 2.0 MDM settings for an iOS device. 

  1. Enter the display name for the HotSpot 2.0 network and the fully qualified domain name (FQDN) of the HotSpot 2.0 service provider.
  2. Enter a series of digits corresponding to one of the service provider’s HotSpot 2.0 networks.
  3. Enter the known NAI realm names.
  4. Enter the digital codes for both the MCC and the MNC.
  5. Specify whether to connect to additional HotSpot 2.0 networks pre-approved by the service provider.
  6. Specify whether the network that the device connects to is broadcasting its identity.
  7. Specify whether to automatically join the network without notifying users.
  8. Users won’t be able to join networks requiring agreements or other information before network access.
  9. Select an authentication method for the network. Connections are allowed only to networks that support the type you select. You can choose:
     • WEP
     • WEP Enterprise (802.1X WEP)
     • WPA/WPA2 (Personal or Enterprise)
     • WPA3
  10. Choose “Any” to permit network connections supporting any of the protocols.
  11. Enter the password for joining the HotSpot 2.0 network, if applicable. If you leave this blank and the network requires a password, users are asked to enter it the first time a connection is established. The per-connection password option prevents caching of the user’s password.
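
The settings listed above map onto keys of Apple's Wi-Fi configuration profile payload (`com.apple.wifi.managed`). As an added example that is not from Apple or SecureW2, the Python script below builds such a payload and lints it for choices that weaken it; all values are constructed placeholders, the lint rules are this example's own, and the EAP client settings a real Passpoint profile also needs are left out.

```python
import plistlib

# "Any" also permits WEP and open networks, so it is treated as weak here.
WEAK_ENCRYPTION = {"WEP", "Any", "None"}

def build_payload(encryption_type="WPA2", password=None):
    """Wi-Fi payload dict carrying the Hotspot 2.0 fields from the steps above.
    Every value is a constructed placeholder."""
    payload = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.wifi.passpoint",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "IsHotspot": True,
        "DisplayedOperatorName": "Example Operator",  # step 1: display name
        "DomainName": "wifi.example.com",             # step 1: provider FQDN
        "RoamingConsortiumOIs": ["AABBCC"],           # step 2
        "NAIRealmNames": ["example.com"],             # step 3
        "MCCAndMNCs": ["001001"],                     # step 4: MCC + MNC
        "ServiceProviderRoamingEnabled": True,        # step 5
        "HIDDEN_NETWORK": False,                      # step 6
        "AutoJoin": True,                             # step 7
        "EncryptionType": encryption_type,            # authentication method
    }
    if password is not None:
        payload["Password"] = password                # network password
    return payload

def lint_payload(payload):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if payload.get("IsHotspot") and not payload.get("DomainName"):
        findings.append("IsHotspot is set but DomainName is missing")
    if payload.get("EncryptionType") in WEAK_ENCRYPTION:
        findings.append("EncryptionType allows WEP or open networks")
    if "Password" in payload:
        findings.append("shared password is stored in the profile")
    for code in payload.get("MCCAndMNCs", []):
        if not (len(code) == 6 and code.isdigit()):
            findings.append(f"MCC/MNC entry {code!r} is not six digits")
    return findings

def to_plist(payload):
    """Serialize the payload as the XML plist an MDM would deliver."""
    return plistlib.dumps(payload)

if __name__ == "__main__":
    for p in (build_payload(), build_payload("WEP", "constructed-secret")):
        print(p["EncryptionType"], lint_payload(p))
```
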

Does My iOS Device Support Passpoint/Hotspot 2.0?

Any Apple device that runs on iOS 7.0 or later supports Passpoint/Hotspot 2.0. To check the iOS version on your phone, go to Settings > General, then tap About.

Is Enabling Passpoint on iOS Devices Good?

In many cases, it is a good idea to connect to Passpoint, especially when roaming. If there are other private Wi-Fi networks that the device knows the password of, the device might prioritize the connection to these networks. 

The behavior of a device changes per OS and vendor. The connection frequency to a network or the action of a “forget” network on a specific router may also influence a device’s network connection. Roaming usage depends on the specific user, but enabling Passpoint is a good idea if you’re regularly roaming. 

How to Connect a Device to Passpoint Wi-Fi

The process of connecting a device to Passpoint Wi-Fi is straightforward. You have to enable Wi-Fi settings on your device. Then check the Passpoint box in the Advanced or More options. Most devices have Passpoint configured out-of-box, but some must connect manually to the Passpoint network.

If your device is already configured, connecting to Passpoint is a breeze. But, if you have an older device that doesn’t have a configured network profile, you can connect to Passpoint through an onboarding solution like our JoinNow MultiOS. The JoinNow MultiOS is a self-service onboarding solution that securely configures any device to a network without the burden of admin tickets.

Challenges of Connecting Passpoint Wi-Fi to iOS Devices

Connecting to Passpoint Wi-Fi seems straightforward, but there are a few issues that users have reported in the past: 

  • Complicated onboarding process
  • Insecure networks
  • Disconnect between handovers

Complicated Onboarding Process

To join a Passpoint network, a user has to find a network, pick one that applies to their device, open a browser, type in login information, and consent to a set of ambiguous and vague terms and conditions. The process repeats every time a user moves from one place to another, making it cumbersome during hectic travel times. 

Service providers also have captive portals that demand information like the room number, cellphone number, and hard-to-remember passwords that frustrate users and lead them to prefer their network over the roaming network. 

Insecure Networks

As a user, you should know that not all devices are configured to connect to Passpoint. In such a case, there are more chances that these devices will connect to a public Wi-Fi, leaving the device vulnerable to attacks such as Man-in-the-Middle (MITM) or phishing attempts. 

If you have an older device, configuring it and connecting to a network through an onboarding solution like the JoinNow MultiOS is an excellent option. The onboarding solution will secure your connection to any network by avoiding device misconfiguration. 

Disconnect Between Handovers

Passpoint is a good option for mobile carriers but not a viable option for all telecom carriers. Telecom carriers may not want to upgrade to Passpoint as it would mean they would have to share their revenue among carriers. This would mean many disconnects when the connection is changed from one carrier to another. 

Secure Your Devices Over Passpoint With SecureW2

When a device connects to an SSID in a network, it opens up many avenues for hackers to hack into the network over the air and leave all your data vulnerable. For years, SecureW2’s onboarding solutions have been industry pioneers in providing certificate-based authentication for devices connecting safely to Passpoint networks. 

Our solutions allow users to self-enroll for certificates and download them to their devices for enhanced security. If your organization deals with legacy devices, you need a solution that effectively configures devices to connect securely to Passpoint and OpenRoaming networks. 

At SecureW2, we have built secure network solutions with WPA2-Enterprise over the years. A forerunner in adapting to the latest technologies, including Passpoint r3 and 5G, we are constantly updating to provide you with the most secure solutions.

Anusha Harish

Anusha is a copywriter with a passion for telling stories through her writing. With a law degree and keen research skills, she writes articles to help customers make informed decisions. A movie buff and a bookworm, she can be found tucked away with a book and a cup of coffee mostly.
