Access credentials and how to choose the right one for your business
Over 3000 years ago during times of war, Egyptians encountered difficulty in passing messages between their king and generals. A general would send a messenger bearing some vitally important update on the war effort to the king (“we’ve run out of arrows, please send more!” or similar), only to find the gatekeeper guarding the kings court had never set eyes on the messenger before, had no idea who we was, and didn’t believe a word of what he was saying (simply rolling his eyes and sarcastically saying “yes, yes, of course you need some more arrows…” 🙄).
So, the Egyptians invented a credential, something the messengers could carry that would provide evidence to the gatekeeper so that it didn’t matter whether or not the gatekeeper knew the person seeking entry, that credential gave the person authority to enter. And alas, the concept of using a physical credential for access control was born!
A code and a keypad are one of the most basic and affordable methods of access control and tend to be the first choice for many building managers. But the most undesirable attribute of codes is that it is relatively easy for a bystander to read the code as it’s being entered, and then suddenly the secure PIN code credential has been duplicated so that now there are two people that know the code that was intended for just one.
Plus, the Uber Eats driver knows the code because there’s always one fool who give out his code for something as important as a 6-inch Sub at lunchtime! And from there the number of people who knows the code multiplies and multiplies until you have no idea who is accessing the building and your access control database is in ruins…
There is one benefit though to codes and that is that they can be used without needing to carry a physical credential. An example of this is providing the emergency services, such as the fire brigade responding to an alarm with ad hoc access into your building, and in the process denying them resorting to using their preferred method of entry which is a grinning junior firefighter swinging an axe.
PIN codes can also be used to great effect in conjunction with physical credentials such as a proximity fob (see below). This is one of the original forms of two-factor authentication that require users to provide something they know (a code) as well as something they have (a fob) to deliver a much higher barrier to entry for intruders.
PROXIMITY CARDS AND FOBS
This is by far the most popular form of access credential: a small key tag or credit card style credential that uses radio frequency identification (RFID) to transfer information to a credential reader to grant access. They are relatively cheap and very reliable, convenient to carry, and the printable credit card style options can double up as an ID card for staff. However, not all proximity credentials are equal and there is a multitude of vendors available supplying different technologies and formats; some of which are far more secure and reliable than others.
So, what should you look for when selecting a proximity credential for your access control system? Firstly, you need to get a little bit technical and look at the frequency of the proximity credential. 125 KHZ (low frequency) cards have been around since around 1990 and have little or no encryption and can be easily duplicated by anyone with access to a $10 eBay RFID scanner (seriously, Google it 🤯). For relatively little extra cost the higher frequency 13.56 MHZ proximity credentials provide a far higher level of security and can be encrypted to prevent duplication.
Secondly, choose your vendor. HID are the leaders in proximity technology, but at Red Flag Systems we prefer the Inner Range SIFER products as they’re a global company started from humble beginnings here in Melbourne. Avoid anything that’s ‘no-name and no-brand’ as there are some terribly cheap and nasty imports available that are far less secure or reliable.
And finally, be very careful about who you choose to supply your proximity credentials. Whilst high level of encryption in access cards create a barrier for criminals to hack your system, they also provide unscrupulous security companies with the ability to hold you to ransom to their services long into the future. There are some real horror stories out there of buildings having to throw away their existing cards and replace them with new just to get out of being locked into services with some so-called security Experts!
Cards, fobs, and codes?… We may as well be back in ancient Egypt when compared to the current demand for everything to be fully accessible on our smartphones, and access credentials are no different. With over 95% of the adult population between 18-44 years of age carrying a mobile phone, they are a very convenient and very secure form of access credential. Using near field communications (NFC) or Bluetooth they provide what is called three-factor authentication requiring a user to provide something they know (a PIN code), something they have (a phone) as well as something they are (biometric such as face ID or fingerprint).
There are a few caveats though to this technology. Firstly, everyone needs an up-to-date phone for the system to work, and I’m sure we all know at least one person who’s still operating on iOS 8.1.4 🙄 and has their phone battery levels perpetually hovering below 4% 😰. Plus, there’s a little more cost and admin required to maintain the database of users. But don’t let this put you off, smartphone technology is here to stay and is likely to become a mainstay for access control in the near future.
Ok, we have saved the fanciest and most controversial option to last. Facial recognition, hand geometry, fingerprint and iris readers, retinal scans, voice prints and palm readers (not to be confused with clairvoyants) are all different type of biometric readers that can be used for access control.
And this is the amazing part: every human body is so unique that bits of it can be used to confirm identity with far more accuracy than any other form of credential. And the technology has come leaps and bounds, so what was once only the domain of high-security mission-critical corporations due to the exorbitant price tag, is now readily available at a relatively reasonable cost.
But as with mobile technologies, it is not without a few problems. For one, reliability can be an issue and it only takes a few greasy fingers smudged onto a fingerprint reader to create a que of frustrated office workers unable to get into a building. Plus, there is a lot of hyperbole at the moment around ethics and security concerns (some valid and some not-so) about facial recognition technology and the storing and recording of people’s faces in a database.
From our perspective, biometrics are a great form of credential, but until the technology, the laws and public opinion have fully aligned it may be best left for some of your most high security applications such as communications rooms or sensitive areas of a facility.
1300 685 504
Get in touch with us
Request a call back
Proud members of ASIAL and we share their commitment to promoting standards and raising the level of professionalism within the security industry