[throw0101b]

> Every time I have to interact with a "captive portal", I'm annoyed at the hack implemented through DNS hijacking, rather than implementing and extending 802.1X and/or another layer-2 authentication scheme. The idea seems to have been tossed aside entirely.

It has not: it's simply easier (less infrastructure) to not implement 802.1X.

Basically every corporate / enterprise-y password where you use your AD/LDAP credentials to log into Wifi has gone through the effort. Not everyone wants (or needs) to do that. (Source: recently implement 802.1X as IT when we moved to a new work office.)