Hackable 125kHz Access Control Migration Guide

Author: Brian Rhodes, Published on May 19, 2017

Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video embedded below:

However, changing to more secure credentials is not always a clear path, and doing it can cost thousands of dollars for even smaller systems.

In this guide, we cover the most common migration paths and examine the pros and cons of each, so you can help choose the best path forward.

This guide covers:

  • The 3 Most Common Migration Paths
  • Pros & Cons of Each Method
  • Biometrics Option
  • HID Global Formats More Costly
  • 13.56 MHz Read Ranges Shorter
  • Changeover Cost Is The Biggest Factor

******* ***** *** ** *** **** ******* ***********, *** *** credentials *** ****** ****** *********** ** ** ****** ** *** **** *******, ***** ******** *****:

*******, ******** ** **** ****** *********** ** *** ****** * clear ****, *** ***** ** *** **** ********* ** ******* for **** ******* *******.

** **** *****, ** ***** *** **** ****** ********* ***** and ******* *** **** *** **** ** ****, ** *** can **** ****** *** **** **** *******.

**** ***** ******:

  • *** * **** ****** ********* *****
  • **** & **** ** **** ******
  • ********** ******
  • *** ****** ******* **** ******
  • **.** *** **** ****** *******
  • ********** **** ** *** ******* ******

[***************]

The ***** ****

*** **** ***** ** *** *******: *** **** ****** *** kHz **** ******* **** ** ****** *** ********** ***********, ** copying **** ** **** * ****** ** * *** ******* and ***** * *** *******. ***** *** **** ****** ** these ******** *********** ** ******** ***, *** **** **** ******* are **** ** ***** **** ******** ********** ** * **** issue *********.

Three ********* *****

*** ******** ** ***************: **** ***** *** *** ***********. ***** that *****, ****** ********* ******** ******* ********** *** ********* ******* of **** ******* ***** ********* ** ***** ********* ******* ***** them * ******* ***********.

*******, ***** *** * ****** ** ******* *** ********* *******, each **** ******* ***** *** ********* *** ********:

  • ****** ***** & ******* ***********
  • ******* *****-******** *******, ********* ******* *****
  • ******* ******** *******, ********* ******* *****

*****, ** ******* **** ****** ** ***** *** ***** *** pros **. **** ** **** *********** ***** **** ** **** for ******** *******.

HID ****** ******* **** ******

*** *** ************* **** ********* **** **** ****** ******* ** deciding ***** **.***** ****** ****** ** ******* ** *** *****? The *** **** ****** ******* ***** **** **** *** ********* vendors:

** *******, *** ****** ****** ** **** ********* ** * per-reader *** ***-********** ***** ******** ** ******/*******. *** ****** ** the **** ********** ** ******* *** ** *********, ** *** HID ******* ** ********, ** *** ************ ********, ** *** or ***** ****** **** *****. ** ********, *** ***-*** ******* are '**** ***' *** *********** **** *** *** ************ ** build ******* ******* **** **** ** ********* ****.

*** ****** ******* ********** ******* ****** ****** ******* ****** ***** on ********** **** *******, *** *** **** ********** ********* ****** 10% - **% **** *** *** *** ********. *******, ********** in ***** *******, *******, *******/******* *******, *** ******* ************ *** be ****** *** *** *** ******* *********** ****** ***** ** that ******. ********* ** *** *****, ***-***** ******* *** ** more *******, *** *******/******* *** ** **** *********.

*** ******** ******** ******* *** *** *******, *** ***:*** ** *** ***************.

13.56 *** **** ****** *******

**** ** *** *** **** ********** ******* ***********. ******* **** range ****** **** ** ************* *********, **** *** ***** ********* 125kHz ****** ******** ****** *********. ***** *** ******* ***** ** not * ******* ****** *** **** ***** ** ******* ***** applications ***** ***** **** **** **** * ****** **** **** the ******, ***** **** ********* **.***** ******* ****** **** ** ranges ****** *** ******* ****** ** ******* **** ************.

*** *******, ******* *** **** ***** ************ ** ** **" **** ******** *** ******* ***********, *** their**.** *** **************** ***** **" *** **** ********* *** ** **** ********** *** **************** *** ****** ****** ******* *** **** ***********.

Pros & **** ** ****

******** **** *** ***** *******, *** **** ****** *** ******* but ******* **** *** ****** ****** ****** ** ********* *********** of **** *** *** ******* *** **** *****, ***** *** least ********* *** *********** **** *** **** ********** ****** ** simply ******** * **.** *** ****** ***** ******** ***** *** begin ******** *** ***** ** ***** ** ******.

*** **** *** ** *** ****, ********** ******** ***********, *** low ****** ****** ** ** *** * *********** ****** **** can **** ******** **** *********** *** *******, ***** ****** '*****-********' readers. **** ***** ***** *** *****-****:

** *** ******** *****, ** ******** **** **** ** *****.

One: ******* *** ***** & ******* ***********

**** ********* **** ** *** **** ******, *** ** ****** the ******** *** *** ******* ** ********* *********** ** *** system ******* *** ***** ** ****. *********** ********** *** ** 125 *** *********** ***** **** *** ******* **** **********, *** such * ******* **** ******** **** ********* ****** *** ******* coordination ** ********* ******** *** *** ****** *********** **** *** replacement **.** *** *****.

** *******, * ****** **.** *** ****** *** **** $*** - $*** *** * ****** **** ***** ***** $* - $7 ****** ********** ************, *************, *** **** ******** *****, ** even * ******* ****** **** **** **** * ***** *** 50 ***** *** *** **** *** ********* ** *******, *** large **********/ *****-**** ******* *** **** ******** **** ** *********.

** ******** ** *** ****, ********* ******** *** *** ******* means ******** *********** *** *** *****, ** ******* *** ******** a ******* ***** ***** ********* *** ******* *** *********** **********. And ****-***** ************ *** **** ** ** **-********** ********.

** * ******, *** '******* ********** ** ****' ********* ** typically **** **** ** ******* ******* ***** *** **** *** logistic ****** *** *****.

Two: ******* *****-******** *******, ********* ******* *****

**** ********* **** ** ***** *** *** ****, *** ***** and ******** *** ***** ** *********. **** *** ***** ******, option *** ******** ********* *********** ** *** ******* ** * new ****** **** ********** **** *********** ** ****. ***** ****** 'multiclass' ** '***************' *******, ***** ***** *** **** ****** ********** frequency *** ******** *******.

***** **** **** ** ****** ***** **** ****** *********** *** be ******** ** * ******* ***** ****** **** *** ** once, ***** ******** * *** ****** *** *** ********* ******* of *********** *********** ** * ********** ********.

***** *** **** ** ***** ******* ** ***** ****** ** a ***-**** ***** ******** ** * ****** ********** **.** ***-**** unit, *** ******* ** ****** ** **% - **%. *** price ********** ** ********* ******* *** ***** **** *********, *** spreading *** *** ******* ** ********* ********** ***********, **** ** the **** ** ********** ******** *** *** ******* *** ****** or ***** ****, ** ********** *** **** ******** ********.

Three: ******* **** *******, ********* ******* *****

*** ***** ****** ** ***** *** ***** *********, *** ******** disciplined *********, ******* ****** ********, *** ***** ******* ******** ***** used: ******* * *** ****** **** ** *** *** ***.

**** ** ******-**** ******* ** ***** **** **** *****-********/********** *****, and **** *** ** ********* ******* ********** ********** ** *** existing ******* *** ***********.

*******, ********** *********** ******* **** **** *****, **** **** **** use ********* ***********, *** ****** **** ***** *********** ** **** unit. ********* ** ***** ** *** ****** **** ***** *** or ********* ********* **** **** ***** ** ***** * ***** trial ********.

** *********** ** *** ** *****, ********** *** **** **** prove ** **. ******** ********** ******* **** ** **** ***** creates ** ********* ***** *** ***** ***, ******** *** *** and *** **.** *** ******:

********, **** ********** ******** *** *** ******* **** **** *** reader *****, *** ********, ***********, *** ******* **** ********** ********* of *** ****** *** ** ********.

*******, *** ******* ** **** ****** *** ***** ******** ** no ***** ******* ********** **** ****** ************, *** ********* ** new *********** *** ** **** **** ** ***** *******, **** whatever **** ** ****** ********** ** ********** ** *** *** kHz **********.

Considering ********** *******

*** **** *******, *** *********** ** ******* *** ******** ***** credential ***** ********, **** **********. ***** *** **** ** ******, palm, *** **** ******** **** ********* **** *** **** ******, the **** ** ***** ****** ***** *** ********* **** **** 13.56 *** ************, *** **** ***** ******* *********** ******* *** user ********** *** **** ******** ** *** ** ******** *** the *** *******.

***** **** ***** *********** '**** *****', ***** *** ***** *********** or *********** ****** **** ********** ***** *********** **** ** ******* or ****** ************, ******* ********* ******** ******* ** *** ******* (and **** ******** ******** **** ******), *** ** **** ************* additional *********** **.** *** *********** *** ******* *** *********** ** certain ***** **********.

******* ** *** **** **** *** ********* *********** ******, ********* from *** *** ** ********** ** ********, ******** ********* ******** of ***** *********** ****** * **** ******** ****** ******* ****** copying ** ********** ******.

Changes **** *****

** *** *** *** ******** ****** *******, ******** **** ********* limits *** **** ********* *******. *** ***** *** ******** ******** often *** ****** ** ***** *** **** ** *** *** products ******* *** **** ** ********* **** **.

*** **** *****, *** **** *** ********* ** *** ***** to ******* ******** *****, *******, *** ********* ** ***** **** copiers *** ******* *** ********* *** *****. ******** ******** ****** now ******** *** ********** ** ******* ************ ********** *** '**** tech' *** *** ***** ** **** ** ******* '*** ****' duplicate ********** **** *** ** *** ******** ** *** *** retail *****.

Next **: ***** **.** *** *** ******?

** ******** *******, ** **** **** ********* **.** *** ******* to *** ***** **** *** ********** ** ******* ** ******** attacks ***** ********** ******* ** *********** ******** ***** *****. **** for *** ******* ** ***** ****** ****** ** '****' *** if **** ***** *** *****.

Comments (10)

Thumbnail profile

Michael Gonzalez

05/19/17 06:23pm

** **** *** **** *** **** ******* ** *** ** our ********* *** **** **** **. ********** ****** **** ***** boys, ******.

Undisclosed End User #1

05/22/17 06:19pm

*** ****** ***********/**** **** ******** ***** ******* **** *** ******** to ***** *** ********* ******? **** ******** ** ******* ** "digital *************" ** *** **** *** ****** ***** ** ***% unless ******* ** **** ** * **** *** *** ** using **** ******** ******* *** *** ****** *** ******* ** be ***********.

**** *** *** ***** ** ******** *** **** ***** ***** the ******* ** ******* *** ** *** ************* *** ********? When *** **** **** *********** *** **** *** ****** ****** replacing *** ************* ** *** ** **** ****.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 05/22/17 06:24pm

** **** ********* ******* ******** *******/******* *** **** ** ***** a **** **** ****. **** *** **** ****** ****.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Brian Rhodes | 05/28/17 10:54pm

*** **** ** **** ******* ** ********* ****:****-**** ****** **** ******* ******

Thumbnail 1981

Armando Perez

IPVMU Certified | In reply to Undisclosed End User #1 | 06/14/17 06:19pm

** ***** **** *********, *** * *** **** ** **** even ******* * ****** ***** **** ******** ******.

Undisclosed End User #2

05/23/17 12:59am

**** **** ** ******** *** ****** ********** ** *** **** cards **** ****-****** *** *****, **** *********** * ******* ** begin ********* ******* *** *** **** ******* **** ****** ***** at +** ***** ********* **** *** *********, **** **** ****** points *** ******** *****. **** ****** * ********* ** *** security ****** **** *** *** *** *********** ******* *** ** be ******. ******* ** ******* ****** ****; **** *********** **** 6mths *** ******* ** ** ******* *** ********** **** (******, security *********, ***'* ***). ** ****** *** ***** ********** **** both ****** *******, ** *********** ** *** *** *****. ****-****: if *** ******* * *** *********** **** ****** *****, *****'* matter ** ****** **** * ***** (** **** ** ****** don't **** *** *** **** *** ****).

John Honovich

IPVM | In reply to Undisclosed End User #2 | 05/23/17 11:21am

** *** ******* * *** ***********

#*, ****** *** *******. *** ***** **** *** ******* ******** or ********** ***** ********* * ***? ** ***** **** ** increase ***** / *** ************ ** ********. ** *** ***** hand, ********* ** *** ****** **** ******** ***** ** **, it *** ** ***** **.

Undisclosed Integrator #3

05/23/17 01:21pm

***** *** *** *** **** ********** ******? * **** *** to ***** ****** **** ** ** **** *** **** ** is. * ***** ******** **** * *** ** ******* *** cards **** **** *** **.

Undisclosed End User #2

05/23/17 01:47pm

****** **** ****** ********, *** **** *** *********** **********, ******* the **** *** ***** ** * ******** (***'* **** ********** for ******** *****).

*** ************ *** ****** **** ** ***** ** **** ** our ******** ********, ************ ** ******** ***** ******* ** **** business *****. **** *** *** ******** *** ****** ** ****** points ***** ****'* ********* ****** (**** **** *** ****/***********) *** only ***** **% ** ***** *** ******** ** *** ***********.

******* ********* *** ***** ******** **** *** ******** **** *** years, *** ****** ****** ***** ***'*. ***** *** *** ** roll-out ***** ** ******** ****** ** **** * *** *** and **** ** **** ** *** ********** ******* (**** **** signing ** *** * ****** ****).

**** **** ******** ** ** ********* *********** ** ******* *** PIN's *** ********.

**% ** ****** **** ******** ** ****** ****, **% **** tow *** **** ** ****** ****, **'* *** ****** **% you **** ** *** *** *** **** *** *** **** way ** ** **** ** **** * **** ********* *** comm ********.

Thumbnail profile

Michael Gonzalez

In reply to Undisclosed End User #2 | 05/23/17 07:27pm

******, **********. * ***** ** ** ** * *** **** helpful **** ************* **** *** **** ******** ** *** ********* on * ******* *****, *** **** **** ********* ** ********. If *** ******* ******** ********** *********** *** ***** ** ***** these ********* *** ***** ****, *** *********** ***** **** *** their ************* *** ********** ** *** *******, ****'** * *** more ****** ** *** *** ****. ****'* *** *** ******* a *** *********, *** ********* *******, *** **** ****** **** like ****'** **** ** *** ********, *** **** * ****** of **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...
Belgium Bans Private Facial Surveillance on Jul 06, 2018
Belgium has effectively banned the use of facial recognition and other biometrics-based video analytics in surveillance cameras for private,...
GDPR For Access Control Guide on Jul 03, 2018
Electronic access control is common in businesses plus organizations are increasingly considering biometrics for access control. With GDPR coming...
Allegion Acquires Isonas on Jun 29, 2018
Isonas failed to 'revolutionize' access control as they regularly claimed. Now, nearly 20 years after their founding, they are being acquired by...
Replacing / Switching Access Control Systems Guide on Jun 28, 2018
Ripping out and replacing access control systems is hard for important reasons. Because users typically hold on to access control systems for as...
2018 Mid-Year Surveillance Industry Guide on Jun 28, 2018
2018 has been an explosive year for the video surveillance industry, with the industry becoming a global political issue, with the expansion of...
Free Online NFPA, IBC, and ADA Codes and Standards on Jun 27, 2018
Finding applicable codes for security work can be a costly task, with printed books and pdf downloads costing hundreds or thousands. However, a...
'Secure Channel' OSDP Access Control Examined on Jun 21, 2018
Despite claiming to be better than Wiegand, OSDP's initial releases did not address the lack of encryption between reader and controller, leaving...
IFSEC 2018 Final Show Report on Jun 20, 2018
IPVM attended the IFSEC show for the first time this year. The Chinese took over the show, centered on Hikvision, flanked by Dahua, Huawei and a...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...

Most Recent Industry Reports

Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...
4 Most Difficult Camera Installs (Statistics) on Jul 12, 2018
Heavy housings, cumbersome brackets, heavy ladders required, and tricky field of view requirements will cause difficulties no matter the camera...
Axis Perimeter Defender Video Analytics Tested on Jul 12, 2018
Axis 'high security' video analytics offering is Perimeter Defender, OEMed / developed with Digital Barriers. But how good is Perimeter Defender?...
Hikvision Fights Ban - Claims 'Red Scare', Hires 14 Term Ex-Congressman on Jul 11, 2018
Hikvision is fighting back against the House Bill Ban of their products. Hikvision has hired one of the biggest lobbying firms, led by a 14 term...
Arecont Acquisition By Costar on Jul 11, 2018
Arecont Vision acquisition by Costar Technologies has been approved by the court, concluding the bankruptcy process triggered by Arecont's...
Amazon Ring Partners With Rapid Response For $10 Monitoring on Jul 10, 2018
Amazon's Ring alarm system is using Rapid Response for monitoring, IPVM has confirmed in our testing. Amazon is arguably the most feared new...
SIA Lobbyists Working On House Bill Ban of Dahua and Hikvision on Jul 10, 2018
While SIA is most known for ISC West, SIA maintains the industry's most significant lobbying organization to influence US government action. Last...
Eastern and SavvyTech Merge, Form ENS, Targets ADI on Jul 09, 2018
ADI, ENS is coming for you. Or, at least, they hope. Two US distributors, NY based EasternCCTV and California based SavvyTech have merged, to...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact