We have an non-encrypted wireless access point hanging off an interface dedicated for visitors to the office and managed by Captive Portal.
The visitors who need internet access can ask at reception for a username and password, all works well - so far so good.
However, we cannot justify buying a commercial SSL certificate for the CP login page.. I'm guessing it would be trivial for somone to sniff the login credentials (and all traffic) since the access point is open.
Short of encrpting wifi at the access point meaning users would have to login twice, is there anything else I could do?