T-Mobile's Hotspots Are Secured

By Eric Griffith

October 05, 2004

T-Mobile's public Wi-Fi isn't just for enthusiasts any more—the company hopes that deploying 802.1X-based authentication at all of its U.S. locations will get corporations to sign on.

Nervous about the security of your data while using wireless at a public venue?

T-Mobile Hotspot's nationwide deployment of 802.1X authentication before users can go online is meant to alleviate those fears—and pull in the business customers, too.

The company—the public Wi-Fi arm of Deutsche Telekom AG's T-Mobile USA— said today that it has officially completed the upgrades to support 802.1X in the access points at its 4700 domestic locations, one year after announcing plans to do so.

"We are very deliberate about our moves at T-Mobile," says Mark Bolger, director of brand marketing for T-Mobile Hotspot, in explaining the timeframe of the install. "We wanted to make sure it would deploy across the breadth of the network and [we wanted to] do it right. So we took deliberate time."

To use the new authentication, users need only get the new T-Mobile Connection Manager software, version 1.5. It will utilize a subscriber's username and password to authenticate the user using the 802.1X specification (which checks in with a central RADIUS server). This security goes the extra mile by encrypting data between the wireless client and the access point hardware in the hotspot once you're logged in.

The software can be obtained as a free download, or on CDs found at T-Mobile Hotspot venues. Bolger says it solves the three major headaches that hotspot users face: Finding a hotspot (using the software's internal "phone book" of locations), connecting to a hotspot, and, at last, security.

Current Connection Manager software users will get a prompt to make the upgrade, and all existing T-Mobile Hotspot subscribers are encouraged by the company to get the utility. However, users who don't have security worries can still log in through a Web page.

If you don't have the right hardware—namely, a client system with support for 802.1X and Wi-Fi Protected Access—the Connection Manager will still connect you, but with the same open authentication as before.

Bolger says that the move to 802.1X at a hotspot "could be the tipping point for corporate adoption. It directly addresses issues in remote access for them. We've supported VPNs (virtual private networks ) for some time, but with 802.1X, it's enhanced."

T-Mobile had kept a tight rein on its network and allowed little roaming, until earlier this year when the network became part of the footprint used by the corporate subscribers of iPass , which provides its own security and connection software for customers. It would seem that a closer focus on enterprise customers might put the two companies in conflict, but Paul Lopez, senior product manager of advanced technology for T-Mobile Hotspot, says, "We have a fluid partnership with iPass...it's not competitive."

However, he did add that corporations worried about pricing differences would find that the T-Mobile offering "compares price-wise" with what iPass has.

T-Mobile Hotspot subscribers can roam onto airport hotspots operated by AT&T Wireless in Philadelphia and Denver -- and, in the future, San Francisco.

The men didn't want to speak for Deutsche Telekom's overseas arms, such as T-Systems, but did say they are on a different schedule for deployment. Lopez says the "intention over time is to perpetuate" use of 802.1X.

In the long run, the new security might be great, but it is only as good as what the end user decides to use -- and T-Mobile knows it. Bolder says, "We're still encouraging end users to be partners in the security process." The company offers tips for safe surfing practices over wireless on its Web site.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.