For the love of captive portals: Why we built the best one in the world (and why it's still not good enough)
If you work in tech, networking, or venue management, you probably have a complicated relationship with the captive portal. That Guest WiFi login screen that we all dread using is the gateway to connectivity in our airports, hotels, stadiums, and shops. For the last 13 years at Purple, we’ve been on a mission to make that gateway as smooth, secure, and intelligent as possible. We obsessed over it. We innovated, optimized, and polished every pixel and every user flow. And I say with confidence: we built the best captive portal in the world.
But now I’m here to tell you why it’s time to move on.
The journey from better to best
Let's rewind. A decade ago, Guest WiFi was the Wild West. You’d open your browser, get a redirect error or SSL certificate error, and hopefully find a non-https page that would redirect you to the login page. The Captive Network Assistant (CNA) - that familiar pop-up mini-browser that slides up on your iPhone or Android device when you join any Guest WiFi network - was a massive leap forward. It created a standardized, contained environment for authentication. For us at Purple, this was a canvas. We saw an opportunity to transform a simple barrier into a value-add experience.
We pioneered social sign-on to eliminate the "create another password" fatigue. We focused relentlessly on design principles and friction reduction, A/B testing every step to shave seconds off the connection time. We built a platform that was compliant, secure, and rich with analytics, giving our customers insight they'd never had before. We turned a clunky door into a sophisticated concierge that could tell you what gate your flight was leaving from or direct you to your appointment. We took the process from "better" to what we can confidently call the best. But a fundamental problem remained: even the best concierge is still someone you have to stop and talk to before you can get to your room.
Why the best still Isn't good enough
The cracks in the portal model are no longer fixable. They are fundamental flaws in the architecture, and they've become impossible to ignore. There are two core problems.
First, a captive portal by definition is a walled garden. It blocks most of the internet until you've authenticated. In 2025, this breaks the modern web, making payments (especially involving 3DSecure), advertisements and third-party integrations much more difficult than they should be. The second, more serious problem is the CNA itself. That mini-browser is a technical dead end. It’s an isolated sandbox that, to protect the privacy of users, limits functionality and doesn't interact with the wider device ecosystem.
This creates a nightmare UX that we, as an industry, have been forcing on users, which includes but is not limited to no passkeys (the future of password-less authentication), broken multi-factor authentication, terrible user experiences for forgotten passwords or one-time passwords, no ability to log in via app, and last but not definitely not least, no shared cookies to allow username/password remembering for social authentication. Want to log in with Facebook? Good luck remembering that password that you haven't had to type in for years. We've polished this experience to the absolute limit, but the limit has been reached.
The industry is moving on (and so are we)
The entire digital landscape is shifting under our feet. MAC randomization, while a massive and welcome win for consumer privacy, makes traditional seamless authentication based on recognizing a device nearly impossible. New standards like OpenRoaming, PassPoint, and Capport are all signals that the industry is actively building a post-portal world. Privacy constraints will only get tighter. The user experience demands will only get higher. The future is seamless, secure, and invisible. The future is not a pop-up.
Moving beyond the captive portal: Purple ConneX
We saw this coming. And instead of trying to patch the unpatchable, we built the replacement. It’s called Purple ConneX.
It’s an app, and it's the last WiFi app you'll ever need. The user experience is a paradigm shift:
- A user installs the ConneX app once (or has it provisioned by their employer, etc.).
- They walk into any ConneX-enabled venue - be it your airport, your stadium, or your coffee shop.
- Their phone connects instantly and securely to the WiFi.
- They are prompted by notification to optionally share additional data at a time that's right for them.
That’s it. No portal. No pop-up. No friction. Just an immediate, encrypted, Passpoint-powered connection. They don't even need to open the app.
"But what about the marketing and the data?" I hear you ask. This is the best part. After the user is connected, they receive a simple, non-intrusive notification. It's an invitation, not a barrier. It might say, "Welcome to Purple Stadium. Tap here for exclusive offers and to join our mailing list." The user is already online. They're not being held hostage for their data. They're in control. And what we've found is that when users are treated with respect, they opt-in with intent. They want to hear from you.
And this app-based approach unlocks benefits beyond public access. We've thought about your private, corporate network too. ConneX allows users to add secure network passes by authenticating against your existing identity provider (like Entra ID, Okta, or Google Workspace). This authenticates colleagues to your corporate WiFi in a way that is indelibly linked to their identity, provisioned and deprovisioned automatically according to your joiners/leavers/movers processes, and allows you to assign network policy based on user identities. This also becomes the foundation of paid WiFi access - passes that can be pre-purchased, and activate automatically when the user first joins the WiFi, as soon as they're in range of the network.
Our goal is a single, identity-driven network solution that means users can connect at home, at work, and at play - securely, seamlessly, everywhere. This is the win-win we’ve been chasing for 13 years.
For users, an incredible user experience. Instant, encrypted, and secure connectivity. They don't need a separate VPN. They don't feel like they have to "buy" WiFi access with their personal data. For WiFi owners, a marketing list of people who chose to be there. This isn't a list of "click-throughs" from a frustrated captive portal. These are engaged fans and customers. Your marketing KPIs—from engagement to unsubscribe rates—will thank you. And for the industry, we finally move on. We stop trying to fix a broken model and embrace a future that is simultaneously more private and more valuable for everyone.
We truly loved the challenge of building the world's best captive portal. But we're infinitely more excited to be the ones replacing it.
.png)
