[CKN23-ARIN]

Many ways to do this.

Make the password widely-known. Announce it over the intercom. Post it on the walls.

Offer both encrypted and non-encrypted SSIDs. The non-encrypted SSID could even just be a captive portal with instructions to connect to the encrypted SSID.

If you're feeling wild, use WPA2 Enterprise, and accept any credentials.

[icebraining]

"WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past, which could be passively and silently collected by the attacker. This also means an attacker can silently capture and decrypt others' packets if a WPA-protected access point is provided free of charge at a public place, because its password is usually shared to anyone in that place. In other words, WPA only protects from attackers who don't have access to the password."

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Lack_of...

[CKN23-ARIN]

Notably, this is only a problem for WPA2-PSK, not WPA2-Enterprise. But, fair enough -- this does render my first suggestion unsuitable.

[0xf00d]

Doesn't the widely-known password render the encryption useless to anyone that has captured the 4-way handshake at the beginning of your WIFI-session? With the PSK and your session keys an attacker can decrypt your traffic if I remember it correctly.