In modern public spaces such as airports, shopping malls, hotels, and cafes, open wireless networks that simply require selecting a name from a list are becoming increasingly rare. They are being replaced by authentication systems, where internet access is granted only after the user's identity is confirmed. The most common and convenient method today is authorization by phone numberThis approach not only provides a basic level of network security but also allows telecom operators or business owners to identify users for compliance purposes.
The connection process may seem simple at first glance, but users often encounter technical nuances that prevent the data entry window from appearing. Captive Portal The login page, which is the technical name, may not load due to browser security settings or the specifics of your smartphone's operating system. Understanding how this system works will help you avoid wasting mobile data and quickly access the resources you want.
In this article, we'll take a detailed look at the mechanics of these networks, examine how to configure routers to provide such access, and offer effective solutions to common issues. You'll learn why the login page sometimes doesn't appear automatically and how to force it to appear on various devices. We'll also touch on the security of personal data transfer on public networks.
How Captive Portal Works and the Authorization Mechanism
The technology a user encounters when attempting to connect to public Wi-Fi is based on an HTTP request redirection mechanism. When a device connects to an access point, the router intercepts all requests to external resources and redirects them to a special page— Captive PortalThis is where the system requests a phone number to send an SMS with a confirmation code or password. This process ensures legitimate use of the network.
It's important to understand that until successful authorization, your traffic is completely blocked or limited to access to the telecom operator's servers. Modern systems, such as Wi-Fi Tribe, MikroTik HotSpot or solutions from Ubiquiti, allow you to flexibly configure access rules. For example, you can allow access to instant messaging apps without entering a phone number, but require authorization to visit websites.
⚠️ Caution: When entering your phone number on public networks, remember that you are sharing your personal information with the hotspot owner. Ensure that the network belongs to a trusted organization and is not a spoofed hotspot used by malicious users.
The number verification mechanism typically works through an SMS gateway. After entering the numbers in the form field, the request is sent to the server, which generates a unique code and sends it to the user. Entering this code completes the process, and your device's MAC address is entered into white list (whitelist) for a specified period of time. This means that logging in again within a specified period (hour, day, or week) will no longer require entering data.
Step-by-step instructions: how to log in via SMS
The authorization process is standardized, but may have visual differences depending on the equipment used. In most cases, the user doesn't need to perform any complex steps, but knowing the algorithm will help you proceed with confidence. First, you need to activate the Wi-Fi module on your device and select the desired network from the list of available connections.
Once connected, the system will automatically attempt to open a browser. If this does not happen, manually launch any web browser and attempt to access any website, such as http://example.com or http://captive.apple.com (for Apple devices). It is important to use the protocol HTTP, rather than secure HTTPS, since an unsecured request is easier for a router to intercept and redirect.
- 📱 Open Wi-Fi settings and tap "Connect" to the desired network.
- 🌐 Wait for the login page to open automatically or open the browser manually.
- 🔢 Enter your mobile phone number in the format shown on the screen (often without the plus sign or with the country code).
- 📨 Receive an SMS with a code and enter it in the appropriate field on the page.
In some cases, especially on Android, the system may warn you that "The network has no internet access." This is normal until authorization is complete. Don't disconnect from the network too quickly, as the login form will be loaded over this connection. If you have a VPN installed, you should temporarily disable it, as it blocks redirection to the authorization portal.
☑️ Pre-authorization verification
Setting up phone number authentication on a MikroTik router
For business owners and network administrators, the most popular solution for organizing guest access is equipment MikroTik. Setting up HotSpot On these devices, it allows for authentication through SMS gateways from various providers. This requires an account with the SMS service provider and basic knowledge of the command line or interface. WinBox.
The first step is to create a HotSpot profile and configure the server. In the section IP -> HotSpot You need to configure network parameters, address pool, and DNS. The key is setting up the HTML form that will be displayed to the user. Standard form files can be edited to add a phone number field, or you can use ready-made templates from authentication providers.
Integration with the SMS gateway is usually done through scripts PHP or Lua, which send an HTTP request to the service provider's API. The configuration requires specifying the username, password, and sender name. After successful number validation, the script returns a positive response, and the router authorizes the user's session.
| Setting parameter | Description | Recommended value |
|---|---|---|
| Server Address | HotSpot interface IP address | 10.5.50.1/24 |
| DNS Name | Domain name for redirect | wifi.provider.com |
| HTTP Port | Port for intercepting requests | 80 |
| Keepalive Timeout | Client activity verification time | 5m |
It's worth noting that for SMS authentication to work reliably, the router must have a stable internet connection via a WAN channel separate from the guest network. This will allow requests to external API gateways to be sent without interruption.
Secrets of Setting Up a Walled Garden
Walled Garden is a list of addresses accessible to users without authorization. It must include the domains of your SMS gateway and OS update servers (e.g., .apple.com, .windows.com) so that devices can function correctly before logging on to the network.
Why the authorization window doesn't appear: reasons and solutions
The most common problem users encounter is the lack of a pop-up window with a number entry form. Modern operating systems, such as iOS 15+ And Android 12+, have enhanced security settings that block automatic redirects to unverified pages. This is designed to protect against phishing, but often interferes with legitimate login.
Often the reason for blocking is the use of a protocol HTTPS By default. Browsers attempt to establish a secure connection to the site you're trying to access (e.g., Google.com), but the router's server can't provide a valid security certificate for that domain. As a result, the connection is dropped, and the login page doesn't load.
- 🚫 Ad blockers: Extensions like AdBlock can block redirect scripts. Disable them while connected.
- 🔒 Private DNS: Your Android settings (Private DNS) may contain an address (e.g., dns.google) that bypasses your router's local DNS. Temporarily disable this feature.
- 📡 Caching: Old network information may be interfering. Try forgetting the network in your Wi-Fi settings and reconnecting.
An effective method is to manually enter the address. In the browser's address bar, type the gateway IP address (often 1.1.1.1, 8.8.8.8 or the address specified in the connection status) or use a special domain, for example http://connectivitycheck.gstatic.com/generate_204This will force the interception process to begin.
⚠️ Note: If you use Incognito or Private Browsing mode, some autofill or session saving features may not work, but this also eliminates the influence of cache and extensions, which is useful for diagnostics.
Authorization Features on Android and iOS
Mobile platforms handle Captive Portal signals differently. Devices Apple When connecting to Wi-Fi, they automatically send a request to a special address captive.apple.comIf the router is configured correctly, it will respond with a redirect, and the system will open the system login window. If this doesn't happen, an exclamation point icon may appear next to the network name in the control center (where Wi-Fi is).
On devices Android The mechanism is similar, but more variable due to the diversity of manufacturers' shells. The system checks for internet access by querying Google's servers. If no response is received, a "Login required" notification appears. Clicking this notification should open the browser. However, if mobile data is enabled, the phone may ignore Wi-Fi, assuming it's not working.
For successful authorization on iOS, it is recommended:
- Make sure the "Auto-login" switch is turned on in Wi-Fi settings.
- When the system window appears, click “Continue” or “Log on to the network”.
- If the window does not appear, open Safari and go to
http://apple.com.
Security issues and personal data protection
Using a phone number to log into a network creates a digital footprint. The hotspot owner receives information about when and where you were, as well as your contact number. While this is necessary to comply with data retention laws, users should exercise caution. Data transmitted in cleartext (without HTTPS on the login page) could theoretically be intercepted if an attacker is located within the same network.
Modern standards require encryption even on login pages, but outdated systems are common in public places. After successful login, it is recommended to use VPN connection to encrypt all future traffic. This will protect your passwords, correspondence, and banking data from potential eavesdropping.
You should also be wary of phantom access points with names similar to legitimate ones (for example, "Airport_Free_Wi-Fi" instead of "Airport_Official"). Attackers can create a fake login portal that will collect phone numbers for subsequent spam or fraud. Always confirm the network name with the establishment's staff.
Frequently Asked Questions (FAQ)
What should I do if I don't receive an SMS with a code within 5 minutes?
Check your SIM card balance and cellular signal strength. Make sure the number is entered in the correct format (without extra zeros or including the country code). If the issue persists, try requesting the code again in 2-3 minutes or contact your network administrator, as the operator's gateway may be temporarily overloaded.
How long is phone number authorization valid?
The session expiration period is set by the network owner and can range from 30 minutes to 30 days. Typically, if you reconnect within this period, the system will recognize your device by its MAC address and allow you to access the internet without re-entering the password.
Is it possible to log in via instant messengers instead of SMS?
Yes, many modern systems (for example, based on UAP or specialized billing) offer an alternative: authorization through WhatsApp, Telegram or ViberThis is often free and faster, but requires mobile internet to receive the message in the app.
Is it safe to enter your phone number on public Wi-Fi?
It's relatively safe if the network belongs to a reputable brand or institution. However, your phone number is private. If you're concerned about privacy, use mobile data or buy a SIM card from a Wi-Fi provider, if available.