Four Things to Consider When Choosing Your Credentials
In the access control world, the word credential can often mean different things to different people. An access control system allows system administrators to customize and control who can gain access to certain areas in a building by utilizing credentials to confirm a person’s identity.
Typically, stakeholders look at a credential from a security perspective and choose one based on the security details. But a user’s perspective can be very different because most people want a convenient, easy way to enjoy seamless access throughout their office, school or any type of facility with a physical access control system in place. The ideal solution has the right balance between security and convenience, knowing that the investment will pay off long term in many different ways.
Selecting the most effective credentials for your organization can be challenging because many considerations should be reviewed to help make the right decision.
There are many different types of form factors when it comes to physical credentials. Each has its own unique set of advantages and disadvantages for users.
Key fobs, ID cards and wristbands. These types of physical credentials are carried by users and grant access with a tap, swipe, or wave. Upsides to this traditional model include broad hardware support, and lower cost, as well as ease of use and deployment. Downsides include plastic waste, varying degrees of security, and the time and difficulty associated with administration and replacement of lost and stolen credentials. When choosing this option, look for high-security encrypted credentials that minimize the ability to be replicated and offer multiple storage options to support applications beyond access control.
Keypads and PIN. This type of credential is used when doors have keypads that grant access when users enter the appropriate PIN. The benefit to users is convenience because it does not require individuals to physically carry something with them. If the PIN is used as the sole credential, however, it can be easily shared and create a potential security risk. To address this, the PIN can be used in combination with an ID card, fob, or wristband, giving this option greater security with strong multi-factor authentication. A secondary remaining consideration is that individuals might forget passwords or PINS, requiring continuous support to reset them.
Mobile. Growing in popularity due to the combined convenience and ease of use, mobile credentials allow users to be granted access with their smartphones. Users find value in having their credentials protected and stored on their mobile devices rather than needing to remember their keys or ID badges. Administrators find value in easily managing user permissions remotely and utilizing contactless distribution. Additionally, mobile credentials are more secure, thanks to improved security technology like multi-factor authentication.
The days of using a mechanical key as the sole credential type are slowly dwindling because most businesses have recognized the value of upgrading to electronic credentials. Today, more organizations are using advanced forms of credentials that include both physical ID cards and mobile credentials. Understanding how credential technologies have evolved can help when evaluating your credential platform.
Magnetic stripe. This option can be compared to a cassette tape player, with the information encoded on the magnetic stripe. There is no encryption for this legacy technology.
Proximity technology. Proximity credentials use RFID technology, almost like an AM/FM transmitter and receiver. When in range and tuned to the correct frequency, the hardware can pick up the signal to read the information on the credential. This legacy technology is not encrypted, leaving it exposed to the possibility of duplication.
Smart technology. Like proximity technology, smart credentials use RFID technology. However, they also use a microprocessor and encryption algorithm to protect the data when it is transmitted over the air. Different levels of security are available, including MIFARE DESFire technology with AES 128-bit encryption.
Mobile. Two mobile credential solutions are available in the market: Near-Field Communication (NFC) and Bluetooth Low Energy (BLE). Both solutions leverage best practices for security and encryption; however, they each provide different user experiences. NFC mobile credentials are similar to physical cards or fobs when they are added to Apple Wallet or Google Pay. NFC credentials stored in the wallet can also be used for vending, dining, and other services, in addition to access control. BLE credentials generally require the user to open a mobile app on a smartphone and show intent by making a motion or tapping on the door.
Use of Credentials
Security and IT professionals are faced with a myriad of choices when it comes to credentials because functionality can go well beyond access control. In many cases, a single credential can be used for secure printing, point of sale, cashless vending, public transportation, and more. How an organization wishes to use its credentials is directly related to the type of credential technology that should be considered.
It is also important to understand the difference between proprietary solutions that can lock you into a single manufacturer versus open and interoperable solutions that offer greater flexibility. It may be beneficial to consider ownership of custom encryption keys designed to work across multiple manufacturers.
Typically, implementing a credential solution requires a significant investment that will pay back in the long term in different ways, including lessened operating costs, improved efficiency, and reduced security risks. Organizations should not only look at their short-term needs, but build a long-term strategy when reviewing their options. Most credential solutions are designed to be scaled over time, and it is common to take a phased approach. The transition from mechanical keys to electronic credentials often starts by first upgrading to electronic hardware on perimeter openings and sensitive spaces like IT closets or records rooms. Then, additional doors are transitioned as needs change and budgets permit.
The process of selecting the right credential takes time because there are many different factors for organizations to consider. It’s important for key stakeholders to analyze how their credential platform can deliver the most value for their organization, now and in the future.
As we move forward and credential technologies continue to evolve, we will see a significant shift from legacy card technology (like proximity and magnetic stripe) to secure smart card and mobile technology. From small to medium to enterprise-level organizations, each has their own unique set of needs when it comes to credentials; but one need that remains constant is providing a more secure environment for all.
Jake Fergerstrom, product manager, physical credentials, Allegion, is responsible for executing strategic projects across the Allegion electronics portfolio of credential and reader products. He is also a member of ASIS International.