[Terr_]

It's only equivalent if "the password" is fixed and can be used for an indefinite series of "first" connections.

In contrast, imagine that the thing the guest enters into their laptop is a freshly-generated random code which expires within X minutes and can only be used once.

[forward1]

That would be an improvement, but authentication would still be based on a phishable credential vs a cryptographic assertion, and ultimately exploited in the enterprise environment it was designed for.

[etskinner]

The enterprise environment would run the more secure version of it, and the prosumer people would run the less secure version. Doesn't mean the secure version is any less secure