I was at Disneyland last week and stayed at one of their hotels - and all the guest Wi-Fi networks were passwordless and therefore insecure. Ditto the free WiFi at the airports at both ends; oh, and the in-flight Wi-Fi too. While walking around the park my iPhone listed a bunch of passwordless mobile hotspots too.

Are you thinking of captive-portals with logins/passwords? (E.g. Mariott/Hilton “Enter your room-number and last-name” portals) - I assume you’re aware that’s only used to authenticate after the WiFi connection is already established?

———

(I really hope that I’m wrong on this; but I’m not aware of any modern wifi standards that address this…. Of course, corp/edu networks can just use RADIUS or a client-certificate (which works on wired networks too).

Also, it’s surprising we still haven’t figured out getting TLS to work with home-user-grade routers’ control-panels…

This is absolutely not true in the US. All major hotel chains have no encryption, airports do not, Starbucks doesn’t, etc.

It’s usually small businesses that opt for a WPA pass phrase because that’s easier to setup than the captive portal nonsense that all of the big companies use.