Fancy resort thinking about going back to mechanical locks

[billdeserthills]

If the hotel frequently swaps the cores on the doors, then it would be harder to find the lock your copies key fits.

Gordon

That is genius! If they don't do that already, then they certainly should.

Seems like it would be a lot better than rekeying, especially if there is a master key system.

If someone was going to do this, then they should randomize the core swapping process. Any type of system that is repeated can be compromised with insider knowledge or just a bit of trial and error.

I understand it is standard operating procedure for many smaller hotels, to swap locks around onto other doors
This is done to save $$ on rekeying, it really doesn't have much to do with 'genius'. Reason is if an old client already
has a copy of a working key, he can sinply walk around trying that key, until he finds the room that knob is now on--
Now the guest inside that room can be easily robbed or worse and then, of course the lawsuit(s) begin(s)

[GWiens2001]

If the hotel frequently swaps the cores on the doors, then it would be harder to find the lock your copies key fits.

Gordon

That is genius! If they don't do that already, then they certainly should.

Seems like it would be a lot better than rekeying, especially if there is a master key system.

If someone was going to do this, then they should randomize the core swapping process. Any type of system that is repeated can be compromised with insider knowledge or just a bit of trial and error.

I understand it is standard operating procedure for many smaller hotels, to swap locks around onto other doors
This is done to save $$ on rekeying, it really doesn't have much to do with 'genius'. Reason is if an old client already
has a copy of a working key, he can sinply walk around trying that key, until he finds the room that knob is now on--
Now the guest inside that room can be easily robbed or worse and then, of course the lawsuit(s) begin(s)

But someone going from door to door trying a key in all of them would raise eyebrows at any hotel.

Gordon

[billdeserthills]

="GWiens2001"]

If the hotel frequently swaps the cores on the doors, then it would be harder to find the lock your copies key fits.

Gordon

That is genius! If they don't do that already, then they certainly should.

Seems like it would be a lot better than rekeying, especially if there is a master key system.

If someone was going to do this, then they should randomize the core swapping process. Any type of system that is repeated can be compromised with insider knowledge or just a bit of trial and error.

I understand it is standard operating procedure for many smaller hotels, to swap locks around onto other doors
This is done to save $$ on rekeying, it really doesn't have much to do with 'genius'. Reason is if an old client already
has a copy of a working key, he can sinply walk around trying that key, until he finds the room that knob is now on--
Now the guest inside that room can be easily robbed or worse and then, of course the lawsuit(s) begin(s)

But someone going from door to door trying a key in all of them would raise eyebrows at any hotel.

Gordon

Obviously if you are gonna sensibly reason it out it makes good sense

[dontlook]

And there are ways to derive master keys from valid keys and a stock of blanks(with some testing).

If the hotel just put the locks in, I'm guess thier next planned capital expenditure for lock replacement isn't for at oeast 5+ years (just throwing darys, if not longer). While it's a fantastic statement to say they are going back to physical keys, I'm not sure I believe it. By that time they will have had to learn how to segment and secure their key system(off the motherf&$; internet) and stop folks from surfing/checking email on it. Then it shouldn't be a problem.

[bitbuster]

Maybe I should rethink about bidding on these. 105 available.
http://www.acesbid.com/cgi-bin/mnlist.cgi?acesbid6/1112

[Jacob Morgan]

Remember, most hotels went to electronic cards around 20 years ago. Back then:
-CCTV was available but was sort of iffy--poor resolution multiplexed on VHS tapes, if someone remembered to load and save tapes.
-Limited databases, they certainly did not track what core was in what room when if they used IC cores.
-People could pay cash and check in under whatever name they wanted to.

Today:
-CCTV is cheap, good resolution on DVR's in elevators, stair wells, hallways, and lobbies.
-No reason why hotel databases could not keep track of what core was in what room when.
-People have to show photo ID and a credit card to check in to a given room.

If a hotel went with Best SFIC (as an example) then:
-High tolerance--not that easy to copy by the local hardware store (hardware stores do not punch keys), and if one of the more obscure keyways were used the hardware store will not have the blank at all.
-Have more cores than doors, randomly rotate them through but log which core is in what room in the database. Even if someone had a key, it might not open anything. And as others have said, someone trying a key on all doors will be picked up on CCTV.
-If someone does burgle a room, then check the CCTV footage and also query the database as to who had access to a key to that given core over the last few months. The hotel could hand the police a list of who had access to the key that worked that core and if some guy who lived in town showed up, among a long list of out-of-towners, then he gets a house call. If he matches a CCTV image of who entered the hotel the time of the theft, then he gets a free ride in the back of a police car.

And is someone really going to pay $100+ to stay in a good hotel room just so they can try to copy a key, that at best would open one door if they tried them all, or might open none? Even if they open nothing, expect the police to show up when the manager or clerk notices some idiot on CCTV trying every door up and down the hallways.

I don't know if mechanical keys will ever make a come back in hotels or not, but if they did I would not think that the security would be any worse off for it. One other thing, there are no zero-day hacks or methods of instantly opening all doors in a system using good mechanical locks, short of copying or making a master key. Not so with electronic locks, e.g., https://youtu.be/JIOnjGihUgg and https://youtu.be/mV_0k9Fh590. IMHO there is much more risk with electronic locks.

And the nice thing is good mechanical locks practically always work. In the article that was posted first, it sounded like it mainly just inconvenienced some skiers on holiday, but what if someone's elderly parent with dementia was in a room while one left to check on something at the front desk, or ditto if one had some children in the room and popped out for just a minute to get something out of the car, and then the card system went down and no doors would open from the outside. At some point they would start breaking down doors.

[DangerDane]

I don't know if mechanical keys will ever make a come back in hotels or not, but if they did I would not think that the security would be any worse off for it. One other thing, there are no zero-day hacks or methods of instantly opening all doors in a system using good mechanical locks, short of copying or making a master key. Not so with electronic locks, e.g., https://youtu.be/JIOnjGihUgg and https://youtu.be/mV_0k9Fh590. IMHO there is much more risk with electronic locks.

Plenty of hotels where I live are still operating with physical keys. But its mostly the smaller or older stand alone hotels that isn't part of a big chain or has changed to self-service or a kind of selfservice nature.

[Davis]

Depending on how seriously security is being taken in terms of key control, and depending on what sort of budget a hotel has for locks, there may be options in the high-security realm. For example, Schlage makes a SFIC variant of their Primus line, and also LFIC. Or, any of the ASSA ABLOY family of high-security locks with the electronic key heads/cylinders would be another candidate for consideration.

[GWiens2001]

Depending on how seriously security is being taken in terms of key control, and depending on what sort of budget a hotel has for locks, there may be options in the high-security realm. For example, Schlage makes a SFIC variant of their Primus line, and also LFIC. Or, any of the ASSA ABLOY family of high-security locks with the electronic key heads/cylinders would be another candidate for consideration.

According to Schlage:

Small format interchangeable core (SFIC)
Based on a plug diameter smaller than the standard 1⁄2", SFIC cores are completely
interchangeable with Best, Falcon and other SFIC installations. No Primus XP version exists.

Gordon

[demux]

According to Schlage:

Small format interchangeable core (SFIC)

Based on a plug diameter smaller than the standard 1⁄2", SFIC cores are completely
interchangeable with Best, Falcon and other SFIC installations. No Primus XP version exists.

Yeah, he probably meant to say Everest line. Though to be fair, the Everest SFIC stuff is in their B keyway family, which is restricted. It won't have the sidebar that Primus does, but would still be fairly difficult to get a duplicate key.

[Tyler J. Thomas]

Jacob is right.

Access control products haven't experienced the tremendous drop in pricing and improvement that CCTV has. CCTV is everywhere, access control not so much. It seems that access control pricing stays stagnant - they just add more and more features (that are almost never taken full advantage of).

Integrators sell access control systems at cost. They make their money on monitoring and maintenance contracts (much like alarm companies).

Mechanical systems, on a door by door basis, has access control beat in terms of implementation and maintenance costs. Having worked for and been employed by virtually all sides of the coin I cannot envision how access control can continue to make further in roads as things stand now. They're going to have to tremendously drop costs.

I've never known of a building owner that paid for access control integration for tenants. That's on the tenant. It's not in the budget for most. That's why nearly all access control systems are in that 2-10 door range. Only when the budget allows and only in areas where it's truly necessary.

Ok that's enough for my rant. Again I have no dog in the fight. I'm licensed and certified to work on both sides. No skin off my butt or money out of my wallet if the tide changes. I just can't see it happening though.

[Davis]

Ah yes, Gordon, thanks for pointing out my mistake. I was mixing up Schlage's lines. But at any rate demux correctly identified my point, namely, that Schlage would provide a couple of options that would well worth consideration.

But the more I think about this, the more I think that an "intelligent" electronic setup, like Abloy ProTec 2 CLIQ, would really be the most secure/efficient way to go. You would have the benefit of high-security mechanical locks, but no physical master-keying required, because the access credentials are between the key head and the cylinder. If there were ever a security breach, eliminating keys is easy. As for the cost, that can be handled through having a refundable room deposit fee, and keeping close records of which customers occupied which rooms. Anybody see any problems with this?

[Tyler J. Thomas]

Ah yes, Gordon, thanks for pointing out my mistake. I was mixing up Schlage's lines. But at any rate demux correctly identified my point, namely, that Schlage would provide a couple of options that would well worth consideration.

But the more I think about this, the more I think that an "intelligent" electronic setup, like Abloy ProTec 2 CLIQ, would really be the most secure/efficient way to go. You would have the benefit of high-security mechanical locks, but no physical master-keying required, because the access credentials are between the key head and the cylinder. If there were ever a security breach, eliminating keys is easy. As for the cost, that can be handled through having a refundable room deposit fee, and keeping close records of which customers occupied which rooms. Anybody see any problems with this?

They should still be be master keyed. Not every single cylinder in the building will need to be a CLIQ cylinder. Maintenance and housekeeping rooms come to mind. Hard to justify those costs.

But, assuming they did or the aforementioned rooms were keyed completely differently and staff had to carry an extra key, I still would highly advise against it. Let's assume that a vulnerability is discovered or the electronic portion of the cylinder is compromised in some fashion - any occupant holding a key at the time would have access to that room. If you put every cylinder on a traditional master key system then you still have the mechanical fallback.

Frankly, I wouldn't want to give a nefarious occupant the chance to walk away with a key and then only concern themselves with finding a way to bypass a small solenoid in the cylinder itself and therefore having access to whatever room he/she wants.

You're keying the cylinder anyways, why not take a few extra seconds to include a few master wafers. A simple two level master key system would be sufficient for most locations. 1 grand master and ever how many changes you need with future expansion built in.

They've got to find a way to offer a lower price to dealers though. Most access control jobs are 2-10 doors. It's hard to sell a product listed ~$600 plus a $700-800 programmer plus keys at $100 a pop and compete with a traditional access control system. 10 doors, that's $7000 in parts alone, and doesn't count keys or labor (though it would be minimal). I can sell a traditional access control system less than, including labor, with A LOT of room to spare. I got CLIQ certified for Mul-T-Lock when they first came out; I actually remember getting trained on it before the official launch. I've still yet to install or service one. It's a hard sell once pricing is discussed.

[demux]

Yeah, kind of agree with Tyler. If you're going with something as high-end in the mechanical space as a Protec2, it seems like there would be little extra bang for the buck to add electronics to it. Anyone with the skill/time/resources to pick a Protec2 cylinder or duplicate a Protec2 key is probably going to find a way to get in anyhow. Make sure you collect back the keys from the guests at the end of their stay, swap cylinders around on a regular basis with a good percentage in the spare pool, and pay someone to have the whole system re-keyed every couple of years, and you should be good to go.

As an added bonus if you really wanted to get fancy, I believe you can get a Protec2 in a retrofit Schlage LFIC format. So put Schlage LFIC cylinder housings in everything, put Protec2 cores in the high security areas (e.g. guest rooms), go with Everest or Everest Primus D keyway family for less sensitive areas like laundry rooms, pool, etc. The D family keyway is still restricted, so it would be more than casually simple to get a key copied, but you can spare the expense of the Abloys where they're not really needed. And since everything is Schlage LFIC compatible, if you ever decide that a currently-high security area should be low security or vice versa, all it takes is a couple of control keys to pop one type of core out and the new one in.

[peterwn]

.....

And the nice thing is good mechanical locks practically always work. In the article that was posted first, it sounded like it mainly just inconvenienced some skiers on holiday, but what if someone's elderly parent with dementia was in a room while one left to check on something at the front desk, or ditto if one had some children in the room and popped out for just a minute to get something out of the car, and then the card system went down and no doors would open from the outside. At some point they would start breaking down doors.

Card hotel locks generally have key over-ride with the cylinder being visible or behind a cover to deal with a failed lock. Anyway hotel engineering staff would know how to get a door open with minimal damage. One hotel had a means where engineering staff could access a room from an adjacent room - whether that was peculiar to that hotel or common practice I do not know.