EDUROAM- Frequently Asked Question
Eduroam will never show a webpage asking for your username and/or password. This is a sign that someone is attempting to hijack your password – do not use any network that requests this information.
Eduroam is based on the most secure encryption and authentication standards in existence today. Its security by far exceeds typical commercial hotspots.
Whether you’re moving across campus or spending time studying or working at another research and education institution, eduroam gives you seamless internet connectivity. More than 10,000 eduroam hotspots are available at universities, research centers, academies, many schools, and other research and education institutions in more than 100 territories around the world. As eduroam grows, more and more hotspots are appearing in additional places such as libraries, museums and public spaces such as railway stations and coffee shops.
Thanks to global agreement, the eduroam Wi-Fi roaming service is free-of-charge to users.
With eduroam installed on your laptop, mobile phone or other device there’s no need to request special accounts or borrow other people’s IDs – just activate your device and you should be online. eduroam’s secure and privacy-preserving technology means that there is no need to enter usernames and passwords through insecure web browser forms. Your device will identify a valid eduroam access point and log-in automatically. Your password is never shared with any of the access points. Your password for your online identity is provided to you by your ‘home’ institution – where you are enrolled in study or are employed. Wherever you see ‘eduroam’ appear in your list of Wi-Fi networks, you can get online.
No. Web Portal, Captive Portal or Splash-Screen based authentication mechanisms are not a secure way of accepting eduroam credentials, even if the website is protected by an HTTPS secure connection. The distributed nature of eduroam would mean that many different pages, languages and layouts would be presented to eduroam users making it impossible to distinguish between legitimate and bogus sites (even a consistent layout can be mimicked by an adversary). eduroam requires the use of 802.1x which provides end-to-end encryption to ensure that your private user credentials are only available to your home institution. The certificate of your home institution is the only point you need to trust regardless of who operates any intermediate infrastructure. Web portals require you to trust their infrastructure as they receive your password in clear text, this breaks the end-to-end encryption tenets of eduroam.