A captive portal is a method of authentication used to verify that a user has permission to access the Internet connection. This method of authentication requires the user to open a web browser. The web browser is then directed to a special web page that may require the user to login, input payment information, or agree to an acceptable use policy. This method of web browser authentication is commonly used by Wi-Fi hotspots.
This type of authentication prevents users connected to the network from connecting to any Internet service prior to visiting the captive portal. This requires the captive portal to ignore all packets sent from the client computer until the user opens a web browser and completes the authentication process. This prevents users from accessing other Internet services, such as instant messaging clients, until they have completed the authentication process.
A captive portal is often used to force a user to agree to the network's terms of use before being able to access the connection. This is thought to help release the network provider from liability arising from the user's use of the network. Users that violate the terms of use may find their access limited or disconnected.
Most captive portals use a relatively simple system for authenticating users using an SSL (Secure Sockets Layer) login page. Upon the user successfully being authenticated, the IP (Internet Protocol) and MAC (Media Access Control) address of the user's computer is then added to a list of users that may access the system. This system is unsecure and may be used by malicious users to circumvent the captive portal. By using the IP and MAC address of an authorized user, malicious users can then access the network connection. Any actions taken by this malicious user while on the network will appear to have been made by the authorized user.
The lack of security in the traditional model for captive portals has led to many developers creating more elaborate methods of captive portal authentication. These methods vary between programs. All of the methods seek to limit the risk that a malicious user may gain unauthorized access to the network.
A captive portal can be an effective means of securing access to a network. The way a captive portal works, however, prevents users from accessing the network on platforms that do not provide a web browser. This includes some wireless gaming platforms that allow access to Wi-Fi networks for multiplayer games.