T-Mobile will use 802.1X authentication to secure local Wi-Fi links: Nancy will have more on this story later today -- she filed a brief with the Seattle Times this morning about it -- but I wanted to push out a more general note.
Security at hot spots has been one of the bugaboos of the industry. 802.1X authentication with secured EAP (in this case, Protected EAP or PEAP) allows the secure login of a user and then secure exchange of unique WEP or WPA encryption keys.
This means that a T-Mobile user with Windows XP using a software update that Microsoft promises for early next year will be able to have their own separately encrypted local channel. Unless T-Mobile has made mistakes on the gateway side that would allow employees to tap into the access point or router -- which seems a much lower threshold of worry -- customers with the right software and without VPN access suddenly have a very high degree of local link security and integrity.