Solutions to 5 Common Access Control Problems

By: Brian Rhodes, Published on Nov 21, 2016

Effective security is more than just good equipment. In fact, thousands of dollars in electronic access control can be wasted if they are not used properly. In many cases, proper operational controls fail to be implemented and enforced.

In IPVM's Access Control courses, students share real world situations where access control does not work.  Over the span of multiple courses, key trends emerged.

5 common problems include:

  • Using Only One Credential or One Access Schedule
  • Door Props Are Rampant
  • Tailgating Is Not Addressed
  • Uncontrolled Doors Are Used
  • Lousy Visitor Management

Inside, we examine each one and explain how to solve them.

********* ******** ** **** than **** **** *********. In ****, ********* ** dollars ** ********** ****** control *** ** ****** if **** *** *** used ********. ** **** cases, ****** *********** ******** fail ** ** *********** *** enforced.

** ****'******* ******* *******, ******** ***** **** world ********** ***** ****** control **** *** ****.  Over *** **** ** multiple *******, *** ****** *******.

* ****** ******** *******:

  • ***** **** *** ********** or *** ****** ********
  • **** ***** *** *******
  • ********** ** *** *********
  • ************ ***** *** ****
  • ***** ******* **********

******, ** ******* **** *** and ******* *** ** solve ****.

[***************]

IPVM ****** ********

** *** ***-**** ****** ******** *****************, ** *** *** following ******** ********** ******** in **** *****:

"**** ******** ** ****** Controlled ********** ****** *****. ** you **** *** **********/***** like ****? **** ** you ***** **** *** doing *****/ *** ****** it ** *****?"

**** ***** ******** *** their *** ********** ** evaluate **** ****** *** remedy. ****** ****** ******** ** access **** ****** *** make *********** *** ***** quicker. **** *** ******** hundreds ** ********* ****** classes.

Only *** ********** ** *** ****** ********

*** **** ****** ******* are *** ***** ****** one ******* ****** ***** and ******** *** *** users, ** **** *****: sharing *** ******* ********** among ******** *****. **** means ****** **** *** credential *** *** ******* controlled ***** ** ***** times, **** **** '********** areas' ***** ******** ** important. ******** ******** ********:

  • "*************, *** ** *** sister ******** *** **** cards **** ********** **** and ****** **** ** contract ********* ******* ******* it, **** ****'* ****** till ** ********* **** a **** ***** (******* reason *** ****** ******** are *****)."
  • "* **** ** *** facility **** **** ****** cards ****** ** **** user, *** **** *** apply ****** (** ********, technicians, ******, ***.) ** create ****** ********* ** control ***** ***** **** can ******. ********* **** card **** *** ** the ********* *** ******** ***** at *** **** *** gives *** ** *** elevators ** *** *****."
  • "*** **** ******* * have ** ***** **** simply ****** *** *** doors ** *** ******* and **** **** *** last ****** ******, **** a ****** *** **** for ********. **** ** a ******** ****** ** what *** ****** *** designed ***."
  • "** * ****** ** mine, * ****** ****** the ********** ******* *** recently ******* ** **** he ****** ** ***** his ****** *********** ******* faculty **** ********* *** facility ****** *** ****** months *** ************ **** contractors/custodial *****, ***... *** really ********, **** ********, but ***** ** *** people ***** ****** ***** he ****'* **** **** there."
  • "*'** **** ***** ***** have ***** ****** **** schedules *** **** ***** to * ****** ******* forget ** ********* * holiday ******** ***** ******* those **** **** *** unlock ******** ** **** the ******* ***** ****** the ***** *** ******** but ** *** ** there ******** ******** ****** to *** ******** ** the ******** *** *** other ******* **** *** unlocked ** ****."
  • "* **** * ******** with * ******* **** company **** ******* ****** of "*** ****" ********* that **** ******* * high ******** ****. ***** year ** ******* * system ***** *** ** never ******* *** ******** or ***** *********! ** spend ** **** ******** users *** ***** *********** from *** ********. ** feels ** ** **** enough ** **** *** the ***** ***** **** and ***** **** *** to *** **** *** hired."
  • "* *** ******* ** find * **** **** over ** ***** **** all ******** *** **** card ******.  ** *** system, *** ****** **** looked **** *** ********!"

*** ********: ******* ** ******** configure *** ****** ****** ******* ****** *** Schedules ** ************* ******* *** biggest ********* ** ********** access **** ****** ********** locks *** ****. ***** should ** ************ ******* to ****** *** ******* credentials *** ***** ****** patron *** ******** ****** levels ***** ** *** their ******** ****. *********** or ******* ****** **** the ********** ** ***** ***** features *** ****** *** importance.

** *****, ***** ********* or ****** ** ****** this ****** ** *** system *** ****** *** saving ***** *** ********** electronic ******.

Door ***** *** *******

******* ****** ******* *** the *** ** **** props- ********* ******** **** hardware ****-*****, ********* **** scraps ** **** ** trash - **** **** the ****** ** ******* doors **** *** ********, thereby ********** **** **** controlling ** ********** ****** at ***:

  •  "*** ** *** ******* -- * ****** **** 5 ********* ** ** acres -- *** ****** control ** *** ***** doors, *** **** ********* flip-down **** ***** ** all ** *** ********* exits ** **** ********* going ******* ** ***** can *** **** **. And **** ***** *** doors **** ***** ********* to ****. * ******** them ** ****** *** door *****."
  • "*** ******** ****** **** is ***** ******* **** with *** **** ******** at *** ***** **** register. *** *** * reader ** *** **** if ******** ** **** going ** **** *** door? * *** *** all *** ****** ***** on * ******* *** the **** ** *** wall ** ****** **** are *** ** ***** out *** *** **** the ******. *** **** should ****** ** ******."
  • "**** ****** ***** * have *** **** **** the ***** ** *** habit ** ******** ***** - ********* ******* ********* need ** ** *** for * *****, *** can't ** ******** ***** their ***********."
  • "***** *** ****** ******* to ***** ***** ****** and ******** **** **** in *** **** ***."
  • "* ******** ******* * University ** ** *** on ** ***** ****** for *** *** *** the **** ***** **** propped **** **** ********. When * **** * comment ** *** ******** director, ** ****** **** if *** ***** **** left ****/******, **** *** odor ***** ** ************. They ****** ** **** a ******** **** **** having ** ***** '***** sweat *****'."

*** ********: ** ** ****** in *** ********* *** **** **** Problem ****, *** ****** ******** is ** ******* ** any **** **** ****** or ******** ****. ** some *****, **** *** require ******** ******** ***** with * *********** *** uninstalling ****-*****, *** ***** it ***** ********* ******* up *****, ***** ****, rocks, *** ****** **** have ****** *** ********** ** wedge ***** * ****.

****** **** **** ** maintenance * ******* ********** can **** ******** * potential ******** **** *********** the ****** ******. 

Tailgating ** *** *********

*** ******* *** ** easy ** *** ** the *********** * ****** user **** * **** open *** ******** ****** entering ** ******* ** area, ******* ********** *** access ****** **** '***********' access ** ***.  ** note *** **** ***** of *** ***** ** our ********** - ****** ******* Tutorial **** *** ******* *** otherwise ****** ******** *** actually ** * ******* security ******:

  • "** *** * ******* that ****** **** ******* at * ****** ****** network ******** ****** *** the ********* **** ******** to *** *** ********** to **** ** ************. Instead, **** ***** *** just *** ******** ** the ********* **** ** tailgating ** ******* *** door ****."
  • "********** **** ******* *** have **** ****; ****** back **** *****, ********* 50 ****** ***** ***** the ******** **** * reads, **** ** *** door '************' ****..."
  • "***** *** ** **** facilities ***** *** **** keeps *** **** **** for *** ** ****** people ** * *** that ***'* **** **** each *****.  *****."
  • "* ****** ** * US *** ***** **** that *** ********* ** armed *** **** *******-**** on *** *******, *** it *** **** ****** for ******* ** **** the **** *** ***** tailgating ** ******** *********** into **** ******** ***** inside **** ** ************* of *** *****."
  • "*** ********* ******* *** temporary ******* *** *** same ********, *** *** supervisor ***** ******* ** the ********* ******* ****** for *** ********* ******* to **** **** *** building *** ********, *** never *** *** ********."

*** ********: ******** *********** ******** are ********* ** ********** or ******* **********, **** ********** ** **** ******* ** ****** ******* ** **** ***** *********. However, ** **** ******** the **** ********* ****** involve ******** *********, **** training, *** **** ******* notifying *** ******* *** risks ** *** *****.

Uncontrolled ***** *** ****

*********, *** ***** **** is ******** ** ** access ******* ******, *** due ** ************ ** proximity ***** ************ ******** in * ******** ******* traffic.  *** **** ** using ***** ***** ***** the ****** ****** ***** be ******* ********* *** not ********** *** ******** goal ** ******* * facility ******:

  • "* **** **** ** many ******/ ********* ********* where *** ***** ****** is ******* *******. *******, you ***** **** **** around *** **** *** the **** ** ***** were **** *** ** one *** ****** ** stop *** **** **** walking ** ** *** front ******."
  • "*** ***** * **** to ****, *** ******* card ****** ***** ****** the ******** *** **** of *** ***** ****'* have * ****** ** use **** **** *** access. *** ** ***** doors *** ***** **** to ** *** **********. It ****'* **** * card ****** ****** ** it, *** ** *** so ***** ** *** desks ***** **** ** tempting ** *** ** we **** ******* ****. A *** ** ** would **** ***** ** the **** ** *** access. ****** ** *** department ***** **** *** door *** *** **** for *** *******, ******** access **** *** ******** without ****** ** **** any ***********."
  • "******* ********** **** * main ******** **** ******* and ********, *** *****'* multiple **** ***** **** nothing *** ****** ***** doors **** ****** *** enter ** ***** ****.  Stuff **** ****** *** the ****."
  • "* ****** * ****** in *** ********** ****** with *** ****** ** direct ******* ******* *** office ** ***** ** verify *** ******* ******** and ******. **** ***** have ****** *** ** not **** *** **** handicap ***** ******* *** hardware ** ***** *** door ****. **** ****** the ********** ******** ***** it *** ********."
  • "*** **** ********** ***** in *** ***** ******** was *********** ******* ***** storage **** *** **** inside * **** **** that *** ***** ****** and *** ** *** shortcut *** *******."

*** ********: **** *********** *** ******** should **** ** ********* which ********* ******** *** authorized *** ***, *** then **** ****** ** either ******, ****, ** add ************ ******** **** the ****** ******. ***** openings ** **** ********** and ****** ******** *********** ****** ******* **** ****** if **** *** ********* egress *****, **** *** and ****** ** ****** against ************ *****.

Lousy ******* **********

*******, ******** ** *** implementing ************** ********* ** ********* visitors **** **** ****** control ********** *** ** the ******* ***** ** the ******. ***** **** visitors *** *** *****, a ***** ********** ***** be **** *******, *** without ******* ********** ** place **** *** ******* to *** ****** **********:

  • "*** ** ** ******'* **** areas ** ******* *** generic ****** *** ******* and ***********. **** ***'* keep ***** ** *** and ***** ***** ****** go."
  • "*'** **** **** ********* with ************ *******. *******, they *** *** *** an ******** ** *** outside ** *** ********, but ***'* ******* **** the ***** **** *** larger ********. **** ***** when *** ********* ****** buzzes ******* **, **** have ****** ** *** rest ** *** ****."
  • "*********** ***** ****** ** areas **** ** *** gym ******** *** *** not ******* ** *** it **** ****** ** isn't * **** ******** area."
  • "*** ** *** ******* problems ** ********* ** Portugal ** ******* **********. There ** ****** ******* that ******** ****** **** visit ***** **** ****, to ****** ****** ** the ******** *****."
  • "* ****** ** * large ************ ***** ******** were ******** ** ****-** and **** ******** ***** badges. ***** *** ****** control ** *****, ******* it *** ***** **** unsecured **** **** ***** etc. **** *** ******** had ****** ********, **** had * **** **** free **** ** **** than **** ******** ****** have."

*** ********: ** ** ****** in ********** ********** ******* ******** ****, **** ****** ********* have ** ***-** ****** to ************ ******* ****** directly **** *** ******, eliminating *** **** ** a ****** ********** ******* 'check **' ******. ***** trouble ** *** ********* solely *** ******* ************** ********, the **** ** *********** visitors ******* ******** ** risking **** *** ** significantly ********* ******* ********** ******* management ********.

Comments (1)

The most vulnerable place in the whole building was radioactive medical waste storage that was just inside a side door that was never locked and was an hot shortcut for workers.

How heinous was the existing EAC that people would take 'hot' shortcuts thru radioactive waste storage?

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Propped Doors Access Control Tutorial on Jan 07, 2020
Doors should keep 'bad guys' out, but a common access control problem is people propping doors open, preventing them from being secure. Even...
Hotel Access Control Explained on Dec 23, 2019
Hotel access control does not work like typical commercial access control because doors in hotels are not typically directly connected to a central...
Wireless / WiFi Access Lock Guide on Nov 12, 2019
For some access openings, running wires can add thousands in cost, and wireless alternatives that avoid it becomes appealing. But using wireless...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Door Fundamentals For Access Control Guide on Sep 12, 2018
Assuming every door can be secured with either a maglock or an electric strike can be a painful assumption in the field. While those items can be...
Inputs/Outputs For Video Surveillance Guide on Aug 24, 2018
While many cameras have Input/Output (I/O) ports, few are actually used and most designers do not even consider them. However, a good understanding...
Forced Entry / Duress Access Tutorial on May 17, 2018
Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for...
Key Control For Access Control Tutorial on Apr 16, 2018
End users spend thousands on advanced systems to keep themselves secure, but regularly neglect one of the least expensive yet most important...
Hikvision DeepInMind Tested Terribly on Feb 15, 2018
While Hikvision is heavily marketing deep learning and 'AI' as their next big thing, new IPVM test results of their DeepInMind NVR shows their deep...

Most Recent Industry Reports

Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...