Gate Access Control: Doing It Wrong

Access Control: Doing it Wrong

I have several photos like the one below.  Friends who know me know that I like locks, and sometimes send these photos to me.  I occasionally run across a gaggle of locks like this, and perhaps you have, too.  There is a reason gates are sometimes locked like this.  This is a method of gate access control.  This gate protects a facility that must be accessed by multiple parties.  These parties may not want to share a key or combination with each other.  Parties may also arrive at infrequent periods to gain initial access.  The property manager can unlock his lock, introduce the new one into the chain, and grant repeated access.  There is a serious security issue with this arrangement, however.

Gate Access Control: Doing it Wrong

If you look at the image you can see that the specific lock makes and models vary widely.  Some of the locks are decent quality, like the American 700-series lock at left and what appears to be a 5200-series at far right.  Others, not so much.  The brass-colored Master-brand combination lock on the right side of the frame is so easily defeated that special tools are made for the purpose.  This means that the security of the gate is reduced to the lowest common denominator.  To get in you don’t have to defeat any particular lock – you just have to defeat any of them.  There are other, better ways manage a small system like this without spending a fortune on an electronic access control system.

Gate Access Control: Do it Better

Key alike or master key:  the property manager (PM) could have a single lock, and give everyone an operating key.  The PM would have to maintain a stock of spare keys, which should be a negligible effort.  The major problem here is the difficulty in revoking a user.  To revoke a user would require a rekey of the system.  Each non-revoked user would have to contacted and make arrangements to pick up the new key.  This could be problematic if even a single user is hard to get in touch with, or for whom making a special trip to pick up a key is onerous.

Gate Access Control: Do it Better

Issue locks: The PM could provide padlocks to users.  This is perhaps the best solution, provided only a few locks (<10) are needed.  This would ensure that all of the locks would be of the exact same quality.  The PM should also have these locks master keyed.  His key would open any one of the locks, but each user could only open his or her lock.  This would give the PM the ability to revoke a user if needed.  The PM could simply remove that user’s lock using the master key.  The PM would not have to issue new keys as would be required if a single lock was rekeyed, and the revoked user would not be able to open any other lock in the chain.  Each lock should be labeled to prevent each use from having to test multiples when accessing the gate.

This situation could be greatly improved with only minimal investment.  If it’s worth locking up, it’s worth using a decent lock on.  The assumption that “a lock is a lock” is fraught; security varies greatly between makes and models.  Though most of the locks on this gate are decent, some are not.  Even a single vulnerability is enough to allow access to an unauthorized party.

If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.

Leave a Reply