Keypads For Access Control Tutorial

By: Brian Rhodes, Published on May 31, 2018

Keypad readers present huge risks to even the best access systems. If deployed improperly, keypads let people through locked doors almost as if they were unlocked.

However, despite the drawbacks, keypads are still one of the most common choices in access today.

With this note, we examine the weaknesses of keypads including:

  • Revealing Buttons 
  • Snooping Eyes
  • PIN Sharing is Easy

Inside we offer advice on how to deploy them securely and examine a type of keypad that overcomes glaring weaknesses.

Operation Described

The function of keypads in access control is dead simple. The door or gate remains locked until the user enters a valid combination string, usually a sequence of numbers. Most access control applications assign each user their own number, called Personal Identification Number (PIN). Unless the user enters a valid combination, the opening remains locked.

Why Keypads?

If these input readers are so terrible, why do people use them? The single biggest 'pro' in using keypads is that no external credential is required. There are no cards or fobs to buy, fingerprints to enroll, and template records to manage. A user is given an access code that is presumably memorized or included in other documents, and nothing else is required.

The lack of external credential results in a lower operating cost relative to 'credential based' systems.

The Problems

Despite being one of the oldest and most used access readers, keypads have huge vulnerabilities. Worse still, it takes no special tools or skills to exploit these problems. While individual units may be better, or even worse, than others at these shortcomings, the biggest problems are:

  • Revealing Buttons 
  • Snooping Eyes
  • PIN Sharing is Easy

In the sections below, we examine these issues and address how they undermine even the best access control platform and most secure locks.

****** ******* ******* **** ***** to **** *** **** access *******. ** ******** **********, ******* let ****** ******* ****** doors ****** ** ** they **** ********.

*******, ******* *** *********, keypads *** ***** *** of *** **** ****** ******* in ****** *****.

**** **** ****, ** examine *** ********** ** keypads *********:

  • ********* ******* 
  • ******** ****
  • *** ******* ** ****

****** ** ***** ****** on *** ** ****** them ******** *** ******* a **** ** ****** that ********* ******* **********.

Operation *********

*** ******** ** ******* in ****** ************* ******. *** **** or **** ******* ****** until *** **** ****** a ***** *********** ******, usually * ******** ** numbers. **** ****** ******* applications ****** **** **** their *** ******, ****** Personal ************** ****** (***). Unless *** **** ****** a ***** ***********, *** opening ******* ******.

Why *******?

** ***** ***** ******* are ** ********, *** do ****** *** ****? The ****** ******* '***' in ***** ************* ** ******** ********** is ********. ***** *** no ***** ** **** to ***, ************ ** enroll, *** ******** ******* to ******. * **** is ***** ** ****** code **** ** ********** memorized ** ******** ** other *********, *** ******* else ** ********.

*** **** ** ******** credential ******* ** * lower ********* **** ******** to '********** *****' *******.

The ********

******* ***** *** ** the ****** *** **** used ****** *******, ******* have **** ***************. ***** still, ** ***** ** special ***** ** ****** to ******* ***** ********. While ********** ***** *** be ******, ** **** worse, **** ****** ** these ************, *** ******* problems ***:

  • ********* ******* 
  • ******** ****
  • *** ******* ** ****

** *** ******** *****, we ******* ***** ****** and ******* *** **** undermine **** *** **** access ******* ******** *** most ****** *****.

[***************]

Revealing *******

****** ******* **** *** collect **** **** ****. This ** * **** problem, ******* **** *** buttons ****** ** **** access *** *** **** typically ******* ***** ** use. **** *** *** examples *****:

*** **** **** *** buttons **** **** ** dirt *** ***** **** user's *******. ** ***** glance, **** **** ******* show **** ****, *** even *** **** ************* intruder ***** ****** ********* the ******** ******** ** the ****** **** * common ************** ** *** area, *** ** **** Zipcode. 

****** ******** *** **** than * ******* ** challenges **** **** **** 'secured' ****. ****** *******, even **** ************ * 'random' ******, ****** *** potential ************ **** **** of ********* ** * few *******, *** ****** combinations (*******/*****/********* *******) *** take ******* ** ****** down.

********, **** ** ******* in *** ******* ** the *****. ******* ** grime, ****** *** ****** buttons *** *********** ** stainless *****. ******* *** extra ******* ** * unit ***** **** '*******' buttons, *** **** ****** the ****** ******* *** dull ***** *** ******* most ***** ******* *** shiny. ** **** ****, guessing *** **** ****** combinations *** ****** *************.

Snooping ****

**** **** ******** ** prior ************ ** *** obvious, ***** *** ** watched ******** ***** *****.

****** * **** ** deliberate ** ********* ***** ******* and *** ****** ***** entering * ***, **** a ****** ******** *** note *** ******** *** code. * **** ********** intruder *** **** *** long ***** ****** ** even '******' ******* ******* ** ***** *** ***** combinations:

PIN ******* ** ****

**** ** '*******' ***** of ******* * **** are *********, * **** vulnerability ****** ********** ** mitigate *** ***** ******* codes ********. ** *** seem **** ** **** solution *** ** ************ circumstance, *** ******* * unique *** **** **** one ***** ****** ***** that '****** *******' ** lost.

**** ***** *** ******** where ***** *** ******* codes *** ******* ** labels ** ********, ******* to *** **** ** plain *****, *** ******* undermine ****** ********** ****** codes ** ***:

Overcome *** **********

********** ** *** ***************, keypads *** ********* ** droves ** ****** ****** control *******. **** ******* attention *** ****** **********, the ******** **** *** be *********. *** ***** include:

***** *** ******** *****

**** **** ****, *****, and **** '*********' ******* like ****. ***************** ****** ** ****** enclosures*** ****, *** ********** inspecting *** *******, ******* them ***** **** * mild ******* (******* ******* or *******), *** ********** the ******* *** ****** and **** **** ** a **** *** ** preserving ********.

*******, *** *** ********** effort ******* ** * maintenance **** *** ********* needed ** ***** ********** types **** *********** ***** or **********. 

********* ****** ****

*** ** *** ******* failures ** ****** ** that *** *********** ***** change. **** ****, *** user's ***** ** ************** ** keep *** ****** ****** slips.

*** **** *** **** authoritative ****** ** ********* loose ******* ** **** are ****** ** ****** them ** * ******* basis. *** ********* ** changes ******* ** *** population ** *****, *** systems **** **** **** 100 ****, ******** ***** yearly ***** ********* *** value ** ****'* *****.

*********** **************

******* *** ****** ** beefing ** ****** ******** is ** ******* **** with **** **** *** credential. *** *******, ********* users ***** **** ********** cards *** *** ************ has *** ***** ****** of ******** **** ******* lost/stolen ***** ** ****** codes *** ** ************ used. ** ******* ***** multiple *********** ******** **: *****-****** ************** ******.

*******, *** ******* *** ****** addition ******* ********* ****** in ********** **** ** credential ******* ******** *** issuing/maintaining ********* ***********. 

Scramble *******

**** ******* *** **** secure **** ******. * version ****** '******** ****' or '****** ****' ** not ******* ********* ****** in * *********** "*-*,*" orientation, *** ******* ********* the ****** ***** **** they *** ****. *** randomness ********* *** '****** wear' *************, *** ****** distributes **** ***** *** buttons. *** ****** ***** are ***** *****:

********** ** ***** ***** are *** ********** *********** of ****** **** **** a **** ******* ** a ****, ****** ** viewed ****** ******** ** front ** *** ****. However, **** *** **** expensive (~$*** - $****, compared ** 'non ********' *****) *** not ****** ********* ** the *** ******.

[****: **** ***** *** originally ******* ** ****, but ************* ******* ** 2018.]

Comments (22)

Many keypads on public areas (gated communities, certain buildings) that might require emergency responder access often have a code like "0911" or "9110", which further reduces their overall security.

Hey Brian,

Another good article thanks. Quick comment...not sure about labeling this method of access worst or best or anything else. It can be a very feasible security option in many applications...when considering specific criteria and customer needs. It is one factor authentication and certainly has limitations as you properly point out.

Last comment....many keypads (even inexpensive stand alone types) have non-volatile memory for multi codes/users. So if used effectively will mitigate or eliminate the issue of revealing keys using just one code. Still codes need to be changed for everyone time to time as you suggest.

Thanks.

Thanks for the feedback, Marc.

This didn't make the official "don't" list, but you should not write the valid code and tape it up near the keypad, either:

I definitely agree of course, but have worked at one place (a nursing home) where the code to get out of a secure building is noted above the keypad - dementia sufferers have no idea or quickly forget what the numbers are about so they can't easily "escape"/ wander off, but everyone else is easily and safely able to exit at any time. It wasn't my idea but seemed to work OK in that particular site.

We had these at a facility I used to work at. The scramble pads are pretty neat, especially in a card+PIN configuration.

We have from time to time received the access card from a departed employee and found it to have the code for turning off the BA system written on it! I imagine this might happen with PIN codes, too. Silly people...

And the release of the FLIR One attachment for the iPhone just made it that much less secure:

Good advice.  But please don't share with my wife.  Making sure the gas knobs on the stove are off stresses her out enough.  

 

 

Tell her to use her nails when punching in pin codes.  No need to explain further :)

nice video... very interesting uses...

Found all information very interesting. Never realized there was so much to consider when thinking about readers and key pads.

Low tech

I agree with this article big time.  This has to be the most easily manipulated access entry device.  Great examples above.   

Most access control keypad use is standalone. However if you do integrate it with a full scale system you need to be aware of what format your system wants from the keypad. If you get a keypad that spits out wiegand then your system may think it's a card reader instead. You might need to you 8 bit output or possible something else. Make sure you ask both manufactures before you order and waste time troubleshooting. 

Full Disclosure: I represent ProDataKey but in my sincere opinion, this is one heck of a Keypad both in functionality and aesthetics! 

ProDataKey Keypad

It looks good, but that is a 125 kHz (I'd guess 26 bit) clamshell card, isn't it?

Does that keypad RFID reader work with 13.56 MHz formats?

Correct 125 kHz only. 

I'd guess 26 bit

Based on this?

 

Yes 26 Bit. HID compatible.

Great article.

In the last 2 years we've begun received customer requests (a few) for scramble pads for use in healthcare areas such as memory support, team and medicine rooms. In most cases once the project bids the security system is often value engineered and made less secure to get the project back in the black.

 

I almost always urge my customers to move away from keypads for these very reasons. 

 

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
ProdataKey (PDK) Access Company Profile on Aug 09, 2019
 Utah based ProdataKey touts low cost cloud access, wireless controllers, and no dealer required national distribution availability.  But how does...
Axis Door Station A8207-VE Tested on Aug 07, 2019
Axis newest door station, the A8207-VE, claims to deliver "video surveillance, two-way communication, and access control" in a single device. But...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
How To Troubleshoot Wiegand Reader Problems - Inverted Wiring on Jul 16, 2019
Wiegand is the dominant method of connecting access readers, but problems can arise for installers. In fact, one of the most difficult reader...
Nortek Blue Pass Mobile Access Reader Tested on Jul 11, 2019
Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and...

Most Recent Industry Reports

Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact