[diebeforei485]

Captive portals suck, I agree.

However, isn't it a better trade-off to have a network password? Even something trivial like "123456" that isn't hard to spell for guests who may speak a different language?

It does add a small amount of friction, but network passwords can be embedded in a QR code (unlike captive portal passwords) so at least it should work for mobile devices.

[Nextgrid]

What’s the point? An attacker would still be able to set up their malicious AP with the same encryption key and be able to tamper with traffic as if there wasn’t any encryption to begin with. In this case the encryption adds friction and degrades user experience while not improving security in any way.

[presumably]

Requiring the attacker to be active to view traffic, rather than passive (broadcasting it openly) is a very real security improvement.