How do I identify an airport’s official free Wi-Fi network?

I work at an airport in the UK. I would say that, unless the name of the public wifi is stated on advertising signage, the best thing to do is the ask a member of airport staff if there is anyone around, or head to the passenger information desk. I don't think there is any technical way to figure out which one is the official airport wifi. The airport's website may have also published the name of the wifi network in the visitor information section.

After connecting to the airport’s WiFi, you are often (as is the case at the airport where I work), redirected in your browser to a registration page, so you can log on to the WiFi faster when you visit the airport again in the future.

While it's not a foolproof method, walking around and watching which network remains available is a way to figure out the official one if there are multiple possibilities. It's unlikely that an illegitimate network would be set up to cover the whole airport.

Non-paranoid solution: Ask an airport employee or check the airport's website.

Summary: While it's a good idea to be mindful about network security, joining the "official" WiFi network doesn't make your connection any more secure. Instead, use a VPN or stick to fully encrypted services, such as HTTPS websites. For more details, see the rest of the answer below.

If the network is open access and doesn't require a key to join, then all packets are unencrypted and absolutely anyone can sniff out everyone else's traffic. If there's a key, things are a bit more difficult, but likewise not secure. To quote an excellent answer from SuperUser.SE:

With WEP encryption, it's super simple. Everything's encrypted with the key you needed to know to get on the network. Everyone on the network can decode everyone else's traffic without even trying.

With WPA-PSK and WPA2-PSK, it's a little trickier, but not too hard. WPA-PSK and WPA2-PSK encrypt everything with per-client, per-session keys, but those keys are derived from the Pre-Shared Key (the PSK; the key you have to know to get on the network) plus some information exchanged in the clear when the client joins or re-joins the network. So if you know the PSK for the network, and your sniffer catches the "4-way handshake" another client does with the AP as it joins, you can decrypt all of that client's traffic. If you didn't happen to capture that client's 4-way handshake, you can send a spoofed de-authenticate packet to the target client (spoofing it to make it look like it came from the AP's MAC address), forcing the client to fall off the network and get back on, so you can capture its 4-way handshake this time, and decrypt all further traffic to/from that client. The user of the machine receiving the spoofed de-auth probably won't even notice that his laptop was off the network for a split second.

There is also an issue with the recently discovered KRACK attack, which makes it possible to decrypt traffic on unpatched clients even if you don't know the network's password. However, it's not too relevant for public WiFi, as everyone in the area knows the pre-shared key.
If we go beyond simple traffic capturing there are various MITM attacks including ARP cache poisoning, DNS spoofing, HTTP session hijacking, fake captive portals, etc. Some of them are possible even without running a rogue access point. And if someone does run a fake AP they might as well use the official SSID to stay undetected.

The only way to be truly protected is to use a VPN whenever you are joining an untrusted network or at least use websites with SSL to avoid someone sniffing out your private data. Using a VPN can also have the benefit of making sure you're always seeing the Internet as if you're browsing from home, rather than facing arbitrary censorship and regional restrictions on online content.

Even if you know the name of the official WiFi network there is practically no guarantee of security from connecting to the correct one.

• Anybody in the airport could set up another access point with the same name. It could even provide you with internet access looking exactly the same as the official network would have.
• Even if you are connected to an official access point your internet traffic could be routed through another computer connected to the access point. (ARP spoofing, DNS cache poisoning, and router advertisements from other connected devices are some of the ways that could happen)
• Even if your traffic is routed through the intended gateway there is the possibility that it is compromised through either a security vulnerability or a malicious employee.
• Even when none of the above happens there is usually no encryption at the WiFi layer on public hotspots.

Due to the above reasons you are better off relying on protocols that provide protection at a higher layer. That would usually mean that all your traffic will be using one of HTTPS, VPN, or SSH.

Be aware that if the network requires payment there are additional risks to take into account. That you get redirected to an https protected site is only a partial assurance of security since you probably don't know in advance what the correct domain name of the https site would be.

Even if you are on the correct payment site https only protects what goes through that site (so your credit card would be protected against leaking as long as the payment site itself is trustworthy). What it does not guarantee is that what you are paying for is internet access for your own computer. If the traffic is hijacked by another computer you may be paying for the hijacker's computer to get internet access. The hijacker may be kind enough to let you share the internet connectivity you paid for.

This kind of attack can be protected against by the payment site telling you which MAC address you are paying for, but the majority of users wouldn't notice if the reported MAC address was invalid.

If the network uses a captive portal that asks for your email address you should expect to be receiving spam on the email address you provide. Even the official WiFi network may choose to use the provided email addresses for such purpose without permission.

Without asking staff or consulting their website (preferably /not/ via one of the networks with questionable status), it's not really possible to say which one is the official network(s).

Try out which networks make it possible for you to access internet. Apart from that, according to JonathanReez's answer, there isn't really a difference. And use HTTPS and/or VPNs.

There is an app for that and it is called Flio. It lists 'Free Airport WiFi Telekom' for Tegel. Many other details about any airport are also listed. 3000 airports actually. This screenshot is just the WiFi detail view for Tegel.