iPass has demonstrated its client connecting over 802.1X on a hotspot front-end that supports the Generic Interface Specification (GIS) which allows co-exists with browser page logins: This marks a big leap forward in security of local network links in public places. By providing the iPassConnect client with the ability to use secured 802.1X/EAP transactions to gain access to a hotspot network, iPass customers can have a unique key assigned to their network link. This prevents sniffers from using the wireless side of the network to snoop on traffic.
iPass developed GIS as a way of securing an authentication session, but the more generic 802.1X protocol coupled with secured EAP is a simpler and more industry standard way to provide access to a Wi-Fi network. iPass's demo shows that GIS, 802.1X, and browser-based logins can co-exist which makes it easier for hotspot operators to migrate customers over time to more secure logins and sessions.
The weak link in 802.1X/EAP is that while it provides a unique encryption key to each user in its most useful form, because users are then routed onto a wired network to reach the Internet, if a user can join the network, they can still sniff bridged traffic from the wired side because they're part of the local area network. Some access points can be configured to disable LAN access and only allow Wi-Fi clients to reach the wide area network or Internet feed.