What are the alternatives to door passcodes?

Question

Passwords have been a problem since the dawn of computing. They tend to be either so complex that no one can remember them, or so obvious that anyone could guess them.

...

Some users choose to write their passwords down on paper and keep them in their desk drawers or (even worse) stick the paper to their computer screens. - ComputerWeekly

Assuming that I'm a doors manufacturer trying to avoid passcode-based door locking systems.

What other authentication techniques are there that are quicker / easier than passcodes, but don't reduce security?

What are pros and cons of each one?

Answer 1

As a general rule to remember: Don't make it to hard to use! If it's to hard to use and you keep forgetting, all you've done is shown that you need a different security method to make your door usable.

Things mentioned in this post:

• Private/Public authentication (keys)
• UUID pre-authentication (fobs)
• MFA(specifically 2, fob and code gen)

Things mentioned in the do not use section:

• Biometry
• Security Guards alone
• Cameras(security theater)
• Security Through Obscurity (Handshakes/patterns)
• Roll Your Own Security

  ---

Well, with a door there's always physical security like keys to look at.

A lock is a private/public system where a physical public key is used to access the internal private mechanism (tumbler). When a user inserts a copy of the public key, they can gain access to the door and can modify its internal states (including unlocking, and locking it themporarily). This can be enhanced further by a timeout that causes the lock to lock itself, preventing follower.

Pros

• Faster (put in place, turn)
• Easier (one action)
• Almost as secure as passwords (replication based on sight)
• User Pre-Approval (only a copy of the public key gains access, so you control in advance who gets it)
• Strong to interception (someone would have to run a pretty strong grab attack to gain access)
• Widely accepted and used (most people are already used to the system)

Cons

• Bad users replicating keys and leaving them around (only an issue if someone can find the lock it goes too, but worth mentioning)
• Bad users giving copies of the key to other people who aren't supposed to have access
• Bad locksmiths who keep copies of the keys for nefarious reasons
• Loss prevention (he who has the key, has the power)

As you can see above, unless you run into some bad user/system adminlock smith situations you should be fairly safe as long as you make sure your ciphertumbler is safe against the usual brute forcebump key/tamper (lock pick) tactics that exist out there and is installed with long screws and a strong door frame.

---

Okay, let's say you want to completely do away with passwords. Now you can do something called a universally unique identifier (UUID) with pre-registration to the lock.

For this you generate a long, hard-to-guess string that gets stored on a device that gets registered with the system in advance. If that generated thing was always registered in advance you can easily change it and try to restore it before you put it on the device to give to the user. Now if the user wants access, they just put the device up against a reader, which confirms the string with your security system, and they gain access!

Pros

• Faster(put against square, wait for light)
• Easier(one action)
• More secure than passwords
• Ease of use(just put it on a small square, and you're in)
• Pre-registration means easy tracking
• UUID is so unique it can register every atom in the universe(good luck running out)
• Impossible to replicate without already knowing the string

Cons

• Bad system users (users with access to the codes internally could cause issues, scripts are you friend)
• Loss prevention (whoever has the fob, has the power)
• LOSS PREVENTION

Really this system is as secure as a key, but gives the extra advantage of unique "fingerprints" for the device they use to enter the building, meaning you can easily track who comes and who goes with what key.

That loss-prevention con is a big one though, as then the person needs to come back, prove they are who they say they are, and you need to invalidate the old key, flag it to watch for someone who stole/found it and tries to gain bad access, and give them a new one with the hopes it won't happen too often.

---

If a key is something that is easily captured or replicated in the part of town your door is going to be installed in, or your users are REALLY bad about loss prevention, you could instead look at pinned unique identifiers like magnetic key fobs and a time-based password delivered over text message or through a special device, which is called 2-Factor Authentication

Using this technique, a user is given/makes a password to the security/lock system which is stored in a key fob. Then they register their phone with a service that will generate the other password they need to enter for them upon their request. Now when a user wants to gain access, they present their key fob and enter their password from their phone into the keypad. This provides extra security from bump keys and locksmiths because you can tie a security system into it and analyze who tried to gain illicit access in an incorrect manner so you can lock out their credentials and they have to come and get new ones at security.

Pros

• MUCH stronger security than passwords
• VERY strong(the password can be good for as little as a minute if you decide to set it up that way
• Extra security techniques (you can instantiate rate limiting, lockouts, and credential rollover)
• Pre approval baked in (they have to register with you to even make their fob active)
• You can know the exact time frame someone logs inunlocks the door based off of the password that got confirmed (once confirmed, write and entry in your security logs)
• Uniqueness (each fob stores something from the user, and each text is based purely on the pre-authenticated phone number which allows for limitless unique entries in your security system)

Cons

• Loss prevention (if someone loses their phone/fob you have to reissue a whole new credential for that part of entry)
• Ease of Use (you always have to have these present. If you forget one you have to go get it)

Wow, that's a short list of cons with a long list of pros! Heck it even gives you remote security abilities!

It's a little hard to implement though since there are a lot of systems that would have to be put in place, but that's not really a con and more of a setup cost.

---

The "do not use" section

Biometry is a cool idea, but horrible in practice. This is like fobs, but accuracy can't be guaranteed here, and it can be thwarted with something as simple as silly putty. People also change over time. It's just a bad in practice.

Security Guards when used alone is also a don't-use this protocol. They can be overpowered, bribed, subverted, and have biological needs that may cause holes in your security during unknown times.

Cameras provide NO SECURITY on their own. They're really more of an addition to security, and can't actually stop something. It's akin to a Security Theater. Sure you could watch it all you want, but really all you're doing is fooling yourself into thinking it's secure. Someone can still break in if a camera is there, and it's really easy to hide from.

HandshakesSecurity through Obscurity is another bad case of security theater. If I have to knock twice, say a phrase, knock again, and then turn turn the key why would I ever use this system? I'd look like an idiot, and someone can just replicate the steps. You gain no more security here than you do with a key, and it's harder to use.

Making Your Own Security Protocol/System should be avoided at ALL costs unless you're doing it for research and testing purposes and let EVERYONE bang on it to confirm just how smart you are (or bring you crashing to reality on how bad your idea was). Until it's proven as safe, it's nothing more than a really bad play in the Security Theater showing.

Answer 2

Biometry is an option. A sensor identifies a physical attribute of your body like your face, your voice or your fingerprint.

Pros:

• Your physical attributes are something you always have with you and can not forget

Cons:

• Physical attributes actually can change over the course of your life, both slowly through natural aging or quickly in case of an accident or a medical condition.
• Most of your physical features aren't secret, which opens up the possibility of attacks using props which mimic your appearance. Changing your physical characteristics once compromised is often impossible or very unpleasant.
• Systems commercially available today still have rates of false-positives and false-negatives which aren't acceptable for high-security systems
• Rubber-hose cryptanalysis becomes bone-saw cryptanalysis which is even less pleasant for you.

Answer 3

Ideally you would use 2FA where one factor is something physical that you must possess, and the other factor is something that is stored in your head and cannot easily be lost or stolen. Door codes are great for this if they are short and easy to remember, and also used in conjunction with another form of authentication such as a physical key fob. Imagine the following "smart door" that allows for both short and long codes, where the short code is just 2-4 digits long.

The smart door would have the following parts:

A Keypad for manual codes, a fob, and the ability to change settings remotely

You should have the following options:

1. You can choose to allow entry with just the fob, or the fob and a code, or just a code. The fob should work from at least a few feet away so that when you are entering in the code you can leave the fob in your pocket.
2. You can choose to allow different settings for different times of the day. E.g. you might allow just the fob during normal hours, and require both the fob and a short code during off hours.
3. You may choose to have a long code which can be entered without the fob, in case you lose it.
4. You should be able to receive alerts when someone attempts a code without the fob. This protects against the case where someone watches you enter in the code and doesn't realize you had a fob in your pocket, they may later attempt to gain access by repeating your code. The alert should also tell you if the code was correct, so you know if you need to change yours.
5. You should be able to receive an alert when an incorrect code is entered with the fob. Assuming you lost it, hurry up and go get your fob back!
6. You should be able to remotely change certain settings. E.g. if you lose the fob, you may wish to disable the fob altogether until you find or replace it.
7. All fobs should be configurable so there can be different settings for each fob. E.g. one fob may require a code whereas another may not. All fobs should be able to have their own corresponding codes.
8. You should have the option to create a lockout policy after X invalid attempts.

BTW, this is pretty much how ATM cards work, but Fobs are more expensive and more difficult to clone.

Answer 4

Generally speaking, this is a question of authentication: How do I know who you are, and how can you prove it to me?

Within that, the answers fall into a few categories:

• Something you have
• Something you know
• Something you are

There are many different ways to take apart these categories. For example, "something you have" could be a 2FA token, a smart card (with embedded certificate), or a decryption device, like a one time pad or code book. "Something you know" could be a password/passphrase, or the answers to security questions. "Something you are" would generally fall under biometrics, things like fingerprint, voiceprint, facial recognition, etc.

All of these can be defeated. For example, "something you have" can be stolen, "something you know" can be taken via force or legal action, and "something you are" can be taken from you via violence. Generally these authentication methods can all be spoofed in some way as well.

The question you specifically asked is "What other authentication techniques are there that are quicker / easier than passwords, but don't reduce security?" Quicker/easier is almost always going to point you to biometrics. They require no new equipment for the end user (no need to distribute keys) and relatively little concern about loss/theft. There is no fumbling in pockets to look for keys, no worries about giving a key to the neighbor to watch your cat, etc. There is also non-repudiation for access, meaning you can (more or less) identify who came in and when. In terms of the speed of authentication, I suppose that would be depend on whether it was local or remote.

There are three major cons that I'm aware of:

• Inaccuracy. In particular, many fingerprint readers have high error rates, in one largish study in Canada, only 81% accurate: http://www.andrewpatrick.ca/essays/fingerprint-concerns-performance-usability-and-acceptance-of-fingerprint-biometric-systems/
• Catastrophic failure. If someone wants to get in, the only way they can do so is to cut your finger off, cut out your eye, or other similar horrors. Better to have a key you can hand over.
• Natural change. Voice, fingerprint, faces, and eyes all change over time.

Obviously the final evaluation of the security of the product depends on the implementation of many details, but I hope this helps as a way to get started.