Reducing Risk from Access Control Card Hacking

In 2011, we wrote about the importance of “2-factor” authentication in the physical as well as the virtual world. With the velocity of black hat hacker attacks this is more important than.

This needs to be a serious consideration in the physical access control world for any facility that may be targeted or where the risks warrant it.  Access control credentials can be copied and duplicated. In most cases physically breaking through a door or into a property would be easier than hacking their credentials, but if you are taking the time and money to deploy an electronic access control system you should consider the options.

Typical access control solutions utilize a code OR and credential like this access control card. 2-Factor access control requires both ( or a code and a biometric factor )

Typical access control solutions utilize a code OR and credential like this access control card. 2-Factor access control requires both ( or a code and a biometric factor )

The simple solution is a “2-factor” access control system where access is generated based on something you have (e.g., an access control FOB), and something you know, (e.g., a PIN code). Access control readers that allow you to enter a PIN code and/or pass an access card in front of it are readily available. Schedules may be placed on the system so a card is acceptable during open business hours but a card plus a PIN is required after hours. These are important, not just to address the risk of cards being copied or forged, but also to prevent a card, lost near the property, from being used to gain access.

For more information read "How Secure is Your Security Badge?" from Krebs on Security.