Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals
HCI Today summarized the key points
- •This is a study comparing the usability of passkeys and passwords for Wi-Fi authentication based on captive portals.
- •The research team conducted a controlled experiment with 50 participants on both Android and Windows, comparing registration and login tasks.
- •Overall, passkeys appeared to be easier to use than passwords, but no statistically significant difference was found.
- •Regardless of the authentication method, captive portal constraints increased error rates and worsened the user experience, and platform-specific issues were also revealed.
- •The authors suggest improving Wi-Fi authentication usability through a usernameless flow, better portal detection, and UI changes.
This summary was generated by an AI editor based on HCI expert perspectives.
Why Read This from an HCI Perspective
This article is worth reading from an HCI perspective not only because it highlights the security advantages of passkeys, but also because it directly tackles usability issues in the real touchpoint: the captive portal. In particular, it shows how, under the time pressure of connecting to a network, errors, platform constraints, and the guidance flow accumulate into the overall experience. This makes it meaningful for both practitioners designing authentication UX and researchers.
CIT's Commentary
From a CIT perspective, this study clearly demonstrates that user experience is shaped less by the ‘superiority of one authentication method over another’ and more by ‘friction at system boundaries.’ Passkeys may be the better option, but usability can swing dramatically the moment OS, browser, and network control layers become intertwined—such as with Android’s mini-browser. This suggests that improving the UX of individual components alone is not sufficient. In addition, the design that required username input partially obscured the potential of usernameless flows. Therefore, in real deployment environments, end-to-end experience design is needed—not only considering whether WebAuthn is supported, but also captive portal detection, browser switching, status feedback, and recoverability. Academically as well, the evaluation unit for secure authentication should be expanded from ‘login success rate’ to the ‘experience of completing a connection.’
Questions to Consider While Reading
- Q.To leverage passkeys’ advantages in captive portal environments, how far can a usernameless flow (removing username input) realistically be applied?
- Q.When platform constraints exist—such as with an Android mini-browser—what kind of feedback design is most effective at helping users understand and follow the browser switch?
- Q.When translating this study’s lab results to real public Wi-Fi contexts like airports, hospitals, and large events, what variable is likely to change the most?
This commentary was generated by an AI editor based on HCI expert perspectives.
Please refer to the original for accurate details.
Subscribe to Newsletter
Get the weekly HCI highlights delivered to your inbox every Friday.