Forced Entry / Duress Access Tutorial

By: Brian Rhodes, Published on May 17, 2018

Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for criminals, unsuspecting people inside are vulnerable. 

But 'Duress Access' is a common, although overlooked, access system feature to combat the threat.

In this note, we examine the duress options for common types of access readers:

  • Biometrics
  • Keypads
  • Card Readers

And we address how opening design, closed access areas, and physical layering adds strength to perimeter access control for such risks.

Criminals Force Users To Unlock Doors

In general, once entry is made and the criminal is able to enter a building, the primary security boundary keeping people safe has been breached.

Forced entry has been an entry path for criminals in several events, notably in 2015's mass shooting inside French tabloid 'Charlie Hebdo', where active shooters forced an employee holding her child to enter her door PIN code at gunpoint in order to gain access.

Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

The overall risk includes less violent acts, including theft or burglaries, where armed bandits wait for unsuspecting users as they key in codes or present cards, only to force Tailgating into a facility to commit crimes.

Vulnerability Even In High-Security Deployments

Access control only works when credentials are protected and unable to be misused. Making sure the doors and openings are protected is not enough.

**** ****** ****** ******* normally ***** ****** ****, tragedies **** ******** * *********** issue. ** ***** *** forced ** ****** ***** for *********, ************ ****** inside *** **********. 

*** '****** ******' ** * common, ******** **********, ****** system ******* ** ****** the ******.

** **** ****, ** examine *** ****** ******* for ****** ***** ** access *******:

  • **********
  • *******
  • **** *******

*** ** ******* *** opening ******, ****** ****** areas, *** ******** ******** adds ******** ** ********* access ******* *** **** risks.

Criminals ***** ***** ** ****** *****

** *******, **** ***** is **** *** *** criminal ** **** ** enter * ********, *** primary ******** ******** ******* people **** *** **** breached.

****** ***** *** **** an ***** **** *** criminals ** ******* ******, notably ** ****'* **** shooting ****** ****** ******* '******* *****', ***** ****** ******** ****** ** employee ******* *** ***** ** ***** *** **** *** **** ** ******** ** ***** ** gain ******.

**** ******, **** ******** 10 ******. ***** ********** only ******* ** ***** at *** ***** **** **** ** ******* ***** *** ******* ****.

*** ******* **** ******** less ******* ****, ********* theft ** **********, ***** armed ******* **** *** unsuspecting ***** ** **** key ** ***** ** present *****, **** ** force ********** **** * ******** ** commit ******.

Vulnerability **** ** ****-******** ***********

****** ******* **** ***** when *********** *** ********* and ****** ** ** misused. ****** **** *** doors *** ******** *** protected ** *** ******.

[***************]

*** *******, ******** ******** at ******* ***** *** not * ****** ******, and *** *********** ****** up ******** *********** ***** **** ******** ******. *** ******** *** a ********* ****** ******* system *** * ********** security **** ********* ** a ******. ****** **** shooting ***** *** **** the ********, *** ****** grabbed ** ******** ** an ****** *** ****** her ** **** *** main ******** ** ********. From *****, **** *** unabated ****** ** *** inside.

** **********, *** ******** of '**** ***** ** done ***********?' ** ***** by ****, ********** ** those ******* ** * similar ****** ****** ** keep ******* *** **** away.

Access ****** ****** *******

** *** **** ** forcing * ******* ** open *****, ** ******** refusal *** ****** ** immediate ***********, *** **** seconds ** ******* *** response *** ** ****. ************* the *** **** ** Charlie *****, ********* ****** undo *******, *** ****** changes ** *** ******** system ***** **** ** the **** ***** ******** the ****** *** *********** lowered *** ****.

** *******, *** **** access ********** ***** ** be ********** ** ******** handle *** ***** **** a '******' ****** ** sent **** * ******. Even ** *** **** access ****** **** *** claim ****** *******, * custom **** ** ****** can ** ********** *** event *****-******* ******** ***** ******* ******* ********* ************* of * ****** *****.

** ********, *** ******** and ************* **** ***** a ********** *** ****** notifications ** ****** **** include:

**********

*** **** ********** *******, if ** ******** ** specially ********** '********* ****' fingerprint ** **** (**: the ****-**** ***** ****** than *** *****-**** *****), the **** ****** ******, but alarms *** ****** ** notifying ********/*********** ** *** system ******* **** ************ or **** ** ****** responders.

** ******* '******' *********** enrollment ** ***** *********'* ***************, *** *** ******* and ******** *** ******* to **** ********* ****** management ********:

** * ********, *** act ** ***** *** appear ** ********* **** what ** ******** ********, but ****** *** ******, officers *** ** ************ acting ** ******* ********* to **** ****** ** a **** ***** ** emergency *** ****.

*******  

******* ****** *** ********** as ***** *** ***** ******* ****, ******* *** *** of *** ******** ** configure *** ******. ** a **** ****** * special ****, **** ** an ********'* *** ** reverse *****, ** * two ***** '********* ****', the ****** ******* *** door, *** **** ****** and ******** ***** *********.

*****, ** * ********, the *** *** ****** no ********* **** ******, and ***** ***** ****** can **** **** *** or ***** *** ******** code *** ********* ** enter **********.

Card *******

*************, *** ** *** most ****** ************** ******* also *** *** ******* 'duress' ******** **************. **** ******* issue ***** ******** *****, one ***** ** '*********' card **** ******* *** same ** * ****** credential ***** *** **** triggers ********* ****** ** used. 

*******, **** *******, ****************'******* *' ********** *******, ***** ** a **** ***** ***** badge ***** ***** ** rapid ********** * '****** event' ** ********* *** may ****** ***********.

*******, ****-***** ******* *** ***** to ***** ******** ** extra ***** ** ***** of ******** *** *********, and ****** *** **** readers ******* ***** ** implement **** *** **** effectiveness ** ***** *******. 

Building ****** ******* ****** *****

*******, *********** *** ******* or ***** ***** **** specific ******** ** ******** the ********* ****** ** forced ***** ** ********.

* *** ** ****** time, ** ****** ***** occurs, ** ** **** more **** *** ********** exit *** ******* ** segregate ******. ****** ******* like ******** *** **********, *********** *** ******* internal ******** (**: ***** rooms, ********, ****** *****) with ********** ******* ****** can **** ****** ** unprotected ***** *** ******** emergency ********** **** ** potential *******.

Avoiding ***** ***** ** ********

********** ** *** ****** or ****** ****, ******** managers *** ********* ****** absolutely ***** ********* *** true ********** ** *** systems **** ******.

****** **** '***** *** victims' *** *** ************ a ******* ***, *** lesson ** *** ** misgauge *** **** ********** value ******* ** ****-**** security *******. **** * modern ****** ****** *** not ****** ** ******** all ***** *** ******* Hebdo *** **** ** duress *********, *** ********* may **** **** **** even *****.

*** ***** ****** *** security ******** *** **** assessment ******** *** ** evaluate ********** ************ **** current *** ******** *****.

Comments (3)

I brushed past this and decided to read it.  We used to sell duress as the “security between the outside and the inside”.

Although it has been problematic for people to remember how to use it on that rare occassion, and more often the creation of a false silent alarm due to the methods used such as changing the last digit by one up or down.

Added to that is the common requirement for no verification by the dispatchers.

Of course, how many alarms use the years 1950 to 1999 for codes still or the default 1234!

Again, to a criminal, the PIN may appear no different than normal, and users under duress can even give out or share the alarming code for criminals to enter themselves.

Pro tip: Always try PIN in reverse first...

I'm beginning to wonder if duress reactivity should involve some sort of force based response mechanism. What better way to put down animals like that than by a machine?

Maybe I'm being extreme. Maybe I'm politically biased and driven by my complete anti-religiousity. However, the Charlie Hebdo incidents are among the most infuriating in respect to terrorism and Islam in general.

Speaking of which, are there any interdiction systems that are effective and readily available through proper channels that are worth talking about for a commercial (non-industrial) application?

Read this IPVM report for free.

This article is part of IPVM's 6,298 reports, 840 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Access Control Course Spring 2020 - Register Now - Last Chance on Apr 21, 2020
IPVM offers the most comprehensive access control course in the industry. Thursday, April 23rd is the last day to register, as the course will...
Delayed Egress Access Control Tutorial on Feb 04, 2020
Delayed Egress marks one of the few times locking people into a building is legal. With so much of access control driven by life safety codes, and...
Hotel Access Control Explained on Dec 23, 2019
Hotel access control does not work like typical commercial access control because doors in hotels are not typically directly connected to a central...
2020 Access Control Book Released on Dec 19, 2019
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Tailgating: Access Control Tutorial on Oct 31, 2019
Nearly all access control systems are vulnerable to an easy exploit called 'tailgating'. Indeed, a friendly gesture in holding doors for others...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Axis Door Station A8207-VE Tested on Aug 07, 2019
Axis newest door station, the A8207-VE, claims to deliver "video surveillance, two-way communication, and access control" in a single device. But...
Door Operators Access Control Tutorial on Apr 17, 2019
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...

Most Recent Industry Reports

LIVE NOW "Fever Camera" Show on Jun 02, 2020
IPVM is excited for the world's first "Fever Camera" show, to be held today Tuesday, June 2nd and Wednesday the 3rd from 11am to 4pm EDT, giving...
Smart Entry Systems Presents Cloud Multi-Tenant Access Control on Jun 02, 2020
Smart Entry Systems presented Cloud Multi-Tenant Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...
Genetec Drops Support for Dahua and Hikvision on Jun 01, 2020
Genetec has dropped support for Dahua and Hikvision, citing US blacklisting and ONVIF conformance blockage, the company informed partners in an...
Dotty "Hot Or Not" Elevated Body Temperature App Tested on Jun 01, 2020
What if you could take an existing phone or tablet and transform it into "fever camera"? That is what DottyAR is doing with their strangely named...
Optris "Fever Screening Systems" Examined on Jun 01, 2020
German manufacturer Optris has been building temperature measuring instruments for industrial manufacturing for over 15 years, and thermal cameras...
Fever Camera Sales From Integrators Surveyed on Jun 01, 2020
Fever cameras are the hottest trend in video surveillance currently but how much are integrators selling them? 220 integrators answered the...
Proxy Presents Mobile Credentials For BLE Devices and Access on May 29, 2020
Proxy presented Mobile Credentials For BLE Devices and Access at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...
ISC West 2020 Moves To The Basement on May 29, 2020
The twice cancelled/postponed show will now not only be held in a different month (October) but on a different floor, moving down to the...
Integrators Avoiding Coronavirus Air Travel on May 29, 2020
IPVM asked integrators if air travel is part of their 2020 plans to see how significantly Coronavirus will impact future...
Viakoo Presents Cyber Hygiene for Cameras on May 28, 2020
Viakoo presented its 'Cyber Hygiene' and 'Service Assurance' products at the April 2020 IPVM New Products show. Inside this report: A...