The current WiFi access control framework descends from solutions conceived in the past for dial-up scenarios. A key difference between the two worlds is mobility: dial-up handles nomadic users, while modern wireless networks support continuous mobility through always-on personal devices. Not surprisingly, WiFi authentication does not exploit mobility in any way; on the contrary, mobility is perceived as a problem to be fixed by some fast-handoff solution. Though fast-handoff is indeed an open issue, mobility may even help to build security systems. The paper describes a decentralised access control framework for WiFi networks that exploits mobility to avoid a central authority to be always online.