This article explains what SecurePass is, how it works, and how visitors
connect to your WiFi. It covers enrolment methods, device compatibility,
and how SecurePass differs from a standard captive portal.
OpenRoaming venues: 80,000+ venues globally where enrolled visitors auto-connect
Enrolment time: Under 30 seconds for a visitor to install their WiFi profile
Security standard: WPA2/WPA3-Enterprise with 802.1X mutual authentication
Purple App: Free on iOS & Android - no configuration required
What is SecurePass
SecurePass is Purple's identity-based WiFi authentication system.
Instead of asking visitors to fill in a form each time they connect,
SecurePass issues a digitally signed WiFi profile to the visitor's
device. Once installed, the device authenticates automatically -
no SSID selection, no password, no portal.
SecurePass is built on the Passpoint (Hotspot 2.0) standard and connects
to the OpenRoaming federation, meaning an enrolled visitor's device will
also auto-connect at any of 80,000+ participating venues worldwide.
Key concepts
Passpoint / Hotspot 2.0
The Wi-Fi standard that enables automatic network
discovery and connection - no SSID selection required.
Passpoint is a Wi-Fi Alliance standard that allows
a device to automatically discover and securely join
a trusted network without requiring the user to select
an SSID or enter a password. It functions similarly
to cellular roaming.
OpenRoaming
A global federation of 80,000+ trusted WiFi networks
managed by the Wireless Broadband Alliance. A visitor
enrolled via SecurePass will auto-connect at any
OpenRoaming-enabled venue worldwide - airports, hotels,
stadiums, and transit hubs - without any additional
steps.
MAC randomisation
Why captive portal analytics are unreliable on iOS
14+ and Android 10+. Since iOS 14 and Android 10,
devices rotate their hardware MAC address on each
new network connection. Return visitors appear as
new users in captive portal analytics. SecurePass
identifies visitors by their profile credential,
which does not rotate.
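The effect described under MAC randomisation, as an added example that is not Purple's code: it counts unique and returning visitors from the same sessions keyed first on MAC address and then on a stable credential identity, and flags randomised MACs by their locally administered bit. The session records, identities and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample sessions: (visit day, client MAC seen by the network,
# stable credential identity from the installed profile). All hypothetical.
SESSIONS = [
    ("2024-05-01", "a6:3c:91:0e:55:10", "visitor-001"),
    ("2024-05-02", "3e:77:02:b1:9c:44", "visitor-001"),  # same device, new MAC
    ("2024-05-03", "da:15:6f:20:08:e3", "visitor-001"),
    ("2024-05-01", "f0:18:98:4a:2b:7c", "visitor-002"),  # MAC not randomised
    ("2024-05-03", "f0:18:98:4a:2b:7c", "visitor-002"),
    ("2024-05-02", "72:9a:c4:5d:e0:1f", "visitor-003"),
]


def is_randomised(mac: str) -> bool:
    """True if the locally administered bit (0x02 of the first octet) is set.

    Randomised (private) MAC addresses set this bit; burned-in addresses
    assigned from a vendor block leave it clear.
    """
    return bool(int(mac[:2], 16) & 0x02)


def visitor_stats(sessions, key_index):
    """Count unique and returning visitors, keyed on MAC (1) or credential (2)."""
    days_seen = defaultdict(set)
    for record in sessions:
        days_seen[record[key_index]].add(record[0])
    returning = sum(1 for days in days_seen.values() if len(days) > 1)
    return {"unique": len(days_seen), "returning": returning}


def randomised_share(sessions):
    """Fraction of sessions whose MAC is locally administered."""
    flagged = sum(1 for _, mac, _ in sessions if is_randomised(mac))
    return flagged / len(sessions)


if __name__ == "__main__":
    print("by MAC:          ", visitor_stats(SESSIONS, 1))
    print("by credential:   ", visitor_stats(SESSIONS, 2))
    print("randomised share:", round(randomised_share(SESSIONS), 2))
```

Keyed on MAC, the three real visitors appear as five, and only one of the two returning visitors is recognised; keyed on the credential, both counts are correct.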
SecurePass vs captive portal
How the visitor experience and venue data change after enabling SecurePass.
Without SecurePass
Login frequency: Every visit - form required each time, including returning visitors
Return visitor data: Broken by MAC randomisation on iOS 14+ and Android 10+
Encryption: None - open network, traffic transmitted in the clear
Rogue networks: Visitors can be tricked onto spoofed access points and fake networks set up by attackers
Man-in-the-middle: Hackers can intercept data on open networks - phishing and malware attacks target unsecured connections
Network integrity: Unauthorised devices can access the network, increasing risk of vulnerabilities including DDoS attacks
Customer trust: Visitors have no assurance their data is safe when connecting to open WiFi
Global reach: Your venue only
Visitor journey - every visit
Arrive → Find SSID → Hit portal → Fill form again → Finally online
With SecurePass
Login frequency: Once - device auto-connects on every subsequent visit
Return visitor data: Accurate - profile credentials are stable and never rotate
Encryption: Every connection is encrypted, keeping personal data safe from unauthorised access
Rogue networks: Devices only connect to pre-vetted, trusted networks - spoofed access points are blocked at the authentication stage
Man-in-the-middle: Mutual authentication prevents data interception - phishing and malware attacks targeting open WiFi are neutralised
Network integrity: Only authenticated devices can connect, preventing unauthorised access and reducing DDoS vulnerability
Global reach: Auto-connects at 80,000+ OpenRoaming venues worldwide
Customer engagement
Seamless connectivity means higher visitor
satisfaction and more valuable CRM data captured
at point of connection.
Staff WiFi
Staff log in once with their existing corporate
credentials via SSO. Their devices connect automatically
from then on - and when they leave the company,
access is revoked automatically. No passwords,
no tickets, full audit trail.
How SecurePass is configured across different venue types.
Rail & Transport
Enrolling passengers before they board
Rail operators can integrate the SecurePass SDK into their
existing passenger app, allowing travellers to install their
WiFi profile during app onboarding. Passengers are enrolled
before they board - reducing support queries and improving
onboard connectivity from the first journey.
Retail
Combining WiFi enrolment with loyalty sign-up
Retailers can configure the SecurePass enrolment journey
to include a loyalty programme sign-up step. Visitors who
enrol for automatic WiFi can be simultaneously prompted to
join a rewards scheme, creating a single touchpoint that
captures both connectivity and CRM data.
Aviation
Tiered access and bandwidth management
Airports can use SecurePass as the authentication layer for
a two-tier connectivity model - offering standard access
to all enrolled visitors while restricting higher-bandwidth
tiers to premium subscribers. Per-user bandwidth policies
can be enforced without manual intervention.
Hospitality
Pre-arrival enrolment via booking confirmation
Hotels can include a SecurePass enrolment link in booking
confirmation emails. Guests who install their profile before
arrival connect automatically on entry - without visiting
a portal or asking staff for credentials. The same profile
works across all properties in the group.
Fitness & Leisure
WiFi enrolment via a member app
Gym and leisure operators can embed the SecurePass SDK into
their member app, allowing members to install their WiFi
profile as part of the standard onboarding flow. Members
auto-connect at every site in the chain without any additional
steps.