Transforming Guest WiFi from Shared Risk to Individual Security
How AirStars replaced Meraki's unreliable captive portal with FreshPass IPSK for secure, time-limited visitor access
The Guest WiFi Security Problem
A large organization with daily visitors approached AirStars with a common but critical security challenge: their Meraki captive portal was unreliable, and reception staff couldn't practically carry guest WiFi passwords for every visitor group.
The traditional approach—sharing a single PSK (Pre-Shared Key) across all guests—meant everyone's traffic was encrypted with the same password. Once shared, that password could be used indefinitely by anyone who had it, creating a significant security vulnerability that needed AirStars' expertise to resolve.
Security and Usability Challenges
Security Issues
- • Shared PSK across all guests
- • Passwords never expired
- • No individual user accountability
- • Unreliable Meraki captive portal
- • Traffic encrypted with same key
Operational Problems
- • Staff couldn't carry passwords around
- • Manual password distribution
- • No visitor session management
- • Inconsistent guest experience
- • Administrative overhead
FreshPass IPSK Solution
AirStars implemented FreshPass with Meraki's IPSK (Individual Pre-Shared Keys) capability, eliminating the need for RADIUS infrastructure while dramatically improving security and user experience.
How It Works
- Reception staff tap tablet portal to generate new QR code
- Each visitor group gets unique IPSK credentials
- QR codes display SSID, password, and expiration time
- Credentials expire after administrator-defined period (30 minutes to several hours)
- New credentials automatically generated for next visitor group
- Group policy applied to SSID for controlled network access
Learn more about FreshPass at freshpass.today
AirStars' implementation replaced Meraki's unreliable captive portal with a robust, security-first approach that gives each visitor group their own encrypted session while maintaining the simplicity that reception staff needed.
Security Transformation
The security improvement is fundamental: instead of everyone sharing the same password indefinitely, each visitor group receives individual credentials that expire automatically.
Before: Shared PSK
- • Same password for all guests
- • Never expires
- • Can be shared indefinitely
- • No individual accountability
After: Individual IPSK
- • Unique password per visitor group
- • Automatic expiration
- • Time-limited access window
- • Individual session tracking
Credentials are only available through the QR portal for 5 minutes after generation, ensuring the next visitor group gets completely fresh, secure access.
Simple Workflow, Maximum Security
The FreshPass solution transforms complex security into a simple tap-and-scan experience for both staff and visitors.
1. Tap to Generate
Reception staff simply tap the tablet screen to generate a new QR code with unique credentials for incoming visitors.
2. Scan & Connect
Visitors scan the QR code to automatically connect, or manually enter the displayed SSID and password for laptop users.
3. Secure Access
Each group gets encrypted access with individual credentials that automatically expire after the administrator-defined period.
Measurable Impact
AirStars' FreshPass implementation delivered immediate security and operational improvements while maintaining the simplicity that reception staff needed.
Through AirStars' implementation, the organization now has a reliable, secure guest access system that scales effortlessly with their daily visitor volume while providing enterprise-grade security through individual session management.
Technology Stack
Core Components
- • FreshPass.today portal
- • Cisco Meraki wireless infrastructure
- • IPSK without RADIUS requirement
- • Tablet-based QR code generation
Key Features
- • Individual credential generation
- • Administrator-controlled expiration
- • Group policy enforcement
- • Automatic session management
Ready to Secure Your Guest WiFi?
Transform your visitor experience with individual credentials, automatic expiration, and enterprise-grade security that's simple for staff to manage.