WPA2-enterprise (eduroam or not) has three main benefits and a cool side effect:
1) You know who is on, one user at a time. How do you know this? You know that the device is using a particular user’s id/pass and/or was on-boarded using their account. You have no way to verify that the device belongs to the actual owner. One could make the same claim of PPSK (I know who you are based on your PPSK passphrase), but just like WPA2-ent, there is nothing to prevent another user from on-boarding a device for a friend. 2) the user knows what network it is (since the infrastructure certificate is verified) It’s been demonstrated over and over that most users will simply click past prompts, even when the prompt clearly shows something is wrong i.e. a user presented with a bad certificate is likely to just accept it (or disable the verification of the cert). 3) It’s automatic..no pesky portal to deal with This is also a case for PPSK and/or an open network. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
