MAC Address Developments to Understand for Hotel Wi-Fi Networks

Guest experiences rely heavily on reliable and fast Wi-Fi networks, especially with all of the technologies being brought onto the hotel property for video conferencing, gaming and content streaming. The Wi-Fi networks must also support all of the new on-property technology added for staff efficiency and better satisfaction scores. However, one major obstacle is impacting the experience: changes within the devices themselves. Let’s take a look at what’s happening.  

Previously, Wi-Fi networks within hotels largely depended on the static hardware Media Access Control (MAC) address of individual devices as part of the authentication and onboarding process. In a push to better safeguard Personally Identifiable Information (PII) and block the ability to track an individual device, there has been a move toward increased user privacy and more ethical data collection. Operating systems including iOS, Android and Windows have increasingly rolled out measures that support these safeguards. The most disruptive is MAC address randomization. This article outlines what has changed as we enter 2022. 

Until 2020, this was an optional setting that users could switch on. But now, with Apple leading the way, the main operating systems activate this setting by default. 

While people have more privacy, their devices will switch MAC addresses at regular intervals or with every SSID change and appear as “new” devices to Wi-Fi networks. At best, and depending on the login journey, this will require re-authentication each time the MAC address changes. This is causing major friction for hotel guests when they authenticate to the network for their week-long stay and are forced to re-authenticate each day due to the network thinking the device is new every time the MAC address changes.

Figure 1 below provides the status of MAC address randomization implementation across the major operating systems that began in January 2022.

Figure 1. MAC Address Randomization by Operating System

Figure 1. MAC Address Randomization by Operating System

iOS 15

MAC address randomization is switched on per SSID by default for users. This sees a new device MAC address generated for use with every Wi-Fi network.

Android 12

The same user experience is true for Android 12 as iOS 15, but users can choose to rotate the device’s MAC address every 24 hours through their settings for extra privacy.

Windows 11

MAC address randomization is off by default. Users can enable it within their Wi-Fi settings. Users also have the option to rotate the MAC address every 24 hours when manually switched on.


Late in 2021, the ChromeOS development team stated that they were also working on MAC address randomization, and will begin to introduce this feature in 2022.

Addressing the Challenge

There is no one-size-fits-all way to manage and mitigate the effects of these changes. However, many hotels are adopting a standard, created by the Wi-Fi Alliance, called Passpoint. 

Passpoint has been proven beneficial in numerous other areas of travel and is increasing in popularity with hotels. 

The Passpoint (Hotspot 2.0) Approach

Passpoint is a mature industry standard that allows devices to connect seamlessly to – and roam between – available Passpoint-configured Wi-Fi hotspots. It does not rely on MAC addresses or SSIDs. The standard is designed with user privacy and security at its core and is a compelling way to future-proof compatible devices.

Using Passpoint provides a “mobile-like” Wi-Fi experience by removing the hurdle of finding, selecting and registering with each Wi-Fi network while increasing security and privacy compared with traditional hotspots. This helps with guest experiences by offering automatic access at every visit into the hotel, its affiliated restaurants and convention centers, and any property across a specific brand. They are automatically recognized, authenticated and granted access, which offers new marketing, personalization and upsell opportunities, in addition to the convenience for guests.

Hyatt, for example, is implementing Passpoint at their properties worldwide. This means, any time a guest steps into any Hyatt property, they will be instantly and securely connected. Hyatt talks more about it in this workshop replay at HT-Next.

How it works: Following a simple one-time onboarding process that can be facilitated by mobile applications, users download the required credentials and security certificates onto their mobile devices. From that point on, connection to Passpoint-capable networks is secure and automatic.

The Good News

Although an impending and disruptive feature, hotels and guests don’t need to be limited by the effects of MAC address randomization. Feel free to reach out to learn more about what Nomadix Passpoint can offer for your hotel.


Dr Spencer is the Chief Information Security Officer at Nomadix & GlobalReach Technology and has been a technology leader in the Wi-Fi industry for well over two decades. Previously the Chief Technology Officer for GlobalReach for over 20 years, his team helped to design and build some of the world’s largest secure Wi-Fi networks, allowing seamless connectivity for users.

A recognized thought leader in best-practice secure, seamless sign-on experience, and the use of Passpoint (Hotspot 2.0), Chris has been involved in the specification, and delivery of Next Generation Hotspots (NGH), and leads and co-leads several industry working groups for the Wireless Broadband Alliance (WBA), Hospitality Technology Next Generation (HTNG) and the Seamless Air Alliance (SAA).