A client device for use with a gateway device (or a Wi-Fi APD) with a key stored therein and an external server where an original singe sign on (SSO) password is stored. The client device transmits a one time password (OTP) request to the external server, obtains the OTP from the external server, transmits the OTP to the external server to authenticate the client device, transmits an encrypted SSO password request to the external server, onboards the gateway device using a temporary password, receives the encrypted SSO password from the external server, obtains the key from the gateway device, decrypts the encrypted SSO password using the key to obtain the SSO password, and changes the temporary password of the gateway device to the original SSO password.