WiFi Glossary

Plain-English definitions of every WiFi, captive portal, and authentication term that matters — with deep links to the technology behind each one.

0–9

802.11

The IEEE family of standards that govern wireless LAN technology. Different generations (802.11n, 802.11ac, 802.11ax) are marketed as WiFi 4, WiFi 5, WiFi 6 and so on.

802.1X

A port-based network access control standard. On WiFi, 802.1X gates each user or device by sending an authentication request to a RADIUS server before granting access — the foundation of WPA-Enterprise.

See WPA-Enterprise →

A

Access Point (AP)

The radio that broadcasts a WiFi signal and bridges wireless clients onto the wired network. A typical venue needs one AP per ~20–30 concurrent users, depending on density and traffic.

Open the access point calculator →

B

Bandwidth

The maximum data rate a network connection can carry. Distinct from throughput (actual measured rate) and latency (delay). Most venues over-buy bandwidth and under-tune density.

Read about bandwidth management →

C

Captive portal

The branded sign-in page guests see when they first join a public WiFi network. Handles authentication (social login, email, SMS, voucher, SSO), terms acceptance, marketing opt-in, and the handoff to analytics and CRM.

See captive portal software →

Cloud RADIUS

A hosted RADIUS authentication service that replaces on-prem FreeRADIUS, Microsoft NPS, or Cisco ISE. Access points forward auth requests to the cloud; credentials are validated against an identity provider.

See RADIUS-as-a-Service →

D

DHCP

Dynamic Host Configuration Protocol. The mechanism that assigns each device on a network its IP address, default gateway, and DNS servers when it joins.

DNS

Domain Name System — the layer that resolves human-readable names (purple.ai) to IP addresses. DNS-level filtering is the basis of safe-browsing controls on guest WiFi.

Dwell time

How long a visitor remains in a venue or zone, measured passively via WiFi probe data. A core marketing-analytics metric — predicts conversion better than raw footfall in retail and hospitality.

See WiFi analytics →

E

EAP-TLS

Extensible Authentication Protocol over TLS — the most secure 802.1X authentication method. Uses certificates on both client and server, eliminating shared secrets entirely. The default for passwordless WiFi.

See passwordless WiFi →

F

First-party data

Data collected directly from your customers via your own systems — names, emails, marketing consent, visit patterns. Increasingly critical as third-party cookies disappear. Captive portal sign-ups are a primary first-party-data source for venues.

See first-party data capture →

Footfall analytics

Counting the number of visitors entering a venue and characterising their behaviour (new vs. repeat, dwell distribution, zone flow). WiFi-based footfall analytics requires no cameras and works with anonymised MAC data.

See WiFi analytics →

G

GDPR

EU General Data Protection Regulation. Mandates consent for personal data capture, data minimisation, the right to erasure, and breach notification. Compliant captive portals capture explicit consent per sign-up and store consent logs for audit.

See data privacy →

Guest WiFi

A separate wireless network for visitors, isolated from staff and payment networks. Combines a captive portal for sign-in, a guest VLAN for traffic isolation, and analytics for marketing intelligence.

See Purple Guest WiFi →

H

Heat map (WiFi)

A visualisation of signal strength across a physical space, used to plan AP placement. Cool tones indicate weak coverage; hot tones indicate strong coverage and potential AP overlap.

Read about WiFi heat maps →

Hotspot 2.0

The IEEE 802.11u standard that lets compatible devices roam onto WiFi networks automatically, without a captive portal, using credentials provisioned to the device. The technology layer beneath Passpoint and OpenRoaming.

Read about Hotspot 2.0 →

I

iPSK

Identity Pre-Shared Key — a per-user or per-device password on the same SSID. Lets IT revoke a single device without rotating a network-wide passphrase. A pragmatic stepping stone between WPA-Personal and full 802.1X.

See passwordless WiFi →

L

LAN

Local Area Network — a network confined to a single site, typically a building or campus. WLAN is the wireless variant.

M

MAC address

A 48-bit hardware identifier burned into every network interface. Historically used to recognise returning devices on guest WiFi; modern phones randomise it per-network for privacy.

MAC randomization

A privacy feature in iOS 14+, Android 10+ and Windows 10+ that generates a fresh MAC address per network. Breaks legacy MAC-based device identification and forces venues onto identity-based methods like Passpoint or social login.

Read the MAC randomization 101 →

MU-MIMO

Multi-User Multiple Input Multiple Output — lets a single AP serve several devices simultaneously rather than one at a time. Standard from WiFi 5 onwards; essential in high-density venues.

Read about MU-MIMO →

Multi-tenant WiFi

A single WiFi infrastructure shared across multiple tenants — built-to-rent properties, student accommodation, coworking — with each tenant getting an isolated network and separate billing.

See multi-tenant WiFi →

O

OpenRoaming

A WBA-led federation built on Passpoint that lets users connect to any participating WiFi network worldwide using a single trusted credential. Operated by Cisco, Samsung, Boingo and others.

See passwordless WiFi →

P

Passpoint

The WiFi Alliance certification programme on top of 802.11u (Hotspot 2.0). Certified phones and APs negotiate credentials automatically, enabling cellular-grade roaming on WiFi.

See passwordless WiFi →

Passwordless WiFi

Replaces shared passwords (WPA-Personal) with identity-based credentials — certificates (EAP-TLS), per-device keys (iPSK), or federated identity via Passpoint/OpenRoaming.

See passwordless WiFi →

R

RADIUS

Remote Authentication Dial-In User Service — the protocol that brokers authentication between an access point and an identity store. The hub of every 802.1X / WPA-Enterprise deployment.

See RADIUS-as-a-Service →

S

Splash page

A common term for the first page of a captive portal — the branded landing page that greets a guest before they sign in. Hosts the consent capture, branding, and any pre-roll content.

See captive portal software →

SSID

Service Set Identifier — the broadcast name of a WiFi network. Venues typically run two: a guest SSID with a captive portal, and a staff SSID secured by WPA-Enterprise.

Staff WiFi

An employee-only wireless network authenticated per-user with 802.1X, isolated from guest and payment networks. Optimised for identity rather than low-friction sign-up.

See Staff WiFi →

V

VLAN

Virtual LAN — a logical network slice on shared physical infrastructure. Guest, staff, and payment traffic typically run on separate VLANs to prevent cross-contamination.

W

WAN

Wide Area Network — a network spanning multiple sites or geographies. Typically the public internet plus any leased lines or SD-WAN tunnels between branches.

WiFi

Trademarked branding for IEEE 802.11 wireless networking. The "Fi" in WiFi is not an abbreviation — it was selected by the WiFi Alliance for sound rather than meaning.

Read what the “Fi” in WiFi means →

WiFi 6 / WiFi 6E / WiFi 7

Successive generations of 802.11. WiFi 6 (802.11ax) added OFDMA and BSS colouring; WiFi 6E extended into 6 GHz; WiFi 7 (802.11be) doubles channel widths and enables multi-link operation.

WiFi marketing

Using WiFi sign-ins to capture first-party data, profile visitors, and trigger CRM-driven engagement (welcome emails, post-visit surveys, loyalty enrolment). Standard in hospitality, retail, and venues.

See WiFi for marketing teams →

WLAN

Wireless LAN — the wireless equivalent of a wired LAN. WLAN, WiFi, and 802.11 refer to the same family of technology.

WPA-Enterprise

WiFi Protected Access in 802.1X mode — each user or device authenticates against a RADIUS server with a unique credential. WPA2-Enterprise and WPA3-Enterprise are successive versions.

See WPA-Enterprise →

Z

Zero Trust Network Access

A security model where no device or user is trusted by default, regardless of network location. Every access request is authenticated and authorised. Passwordless WiFi (certificates, per-device keys) is the WiFi-layer expression of zero trust.

See passwordless WiFi →

Need more than a definition?

Talk to our team about how Purple combines guest WiFi, captive portals, RADIUS, and analytics into a single platform that runs on the access points you already own.