Can credentials be duplicated? If someone knows our facility code, can they buy a credential online and access our building?
Credentials are often a “throw in” when planning an access control system. You spent a pile of money on fancy software and door controllers, you bought industry leading readers and paid for extra training and commissioning and install…so when it comes to credentials you cut some costs and go for the basics, which begs the question…..are you at risk?
Yes and No.
To answer the question posed at the beginning of this post, “Can credentials be duplicated?” the answer is yes, credentials can certainly be duplicated. But, in order for a duplicated credential to actually open a door, the duplicator would need to know the location’s facility code, the number range utilized at that location, and the type of frequency the card reader utilizes (26 bit, 35 bit, 48 bit).
The plot thickens.
Unless someone specifically knew the facility code (FAC), guessing would be almost impossible as the FAC’s can range from 1-999. Guessing the card number would be exponentially harder as the potential numbers include all numbers up to six figures. Throw in the variability of frequency, with three different options, and you have an intricate confluence of factors that are virtually impossible to guess. If, by some insane stroke of luck, someone was able to guess the FAC, the specific card number, and the right bit frequency, and then found the right reader and presented this hypothetical credential at said reader, the door would open. Thus, in theory, credentials can be duplicated.
If the above paragraph didn’t sell you on the impossibility of duplicating a credential at random, there are yet more layers you can add! Enter Access groups and Managed Shifts. In the BlueWave software you can create access groups of cards that only have access to specific doors. These groups must be delineated in the software and assigned to specific credentials – thus any credential without this access, even if it has the correct FAC, bit frequency and card number, will not open the door.
Managed Shifts work similarly. Each reader only works after a certain credential, say a Manager, presents their credential first, activating the door to everyone else who presents their credential later. Yet another way to create more depth to your system without spending a fortune on fancy, proprietary readers.
The reality is, even if a card can be duplicated which is unlikely, given the utility within our software, it is very very unlikely that someone can gain access to your building with a phony credential. Granted, if they throw a brick through the window…..credentials won’t be of much use.