FAQ  •  My feedback  •  Feedback
UKLockpickers.co.uk Lockpicking supplies such as Lockpicks, tools, and more! COMMANDOLOCK.COM Military grade padlock systems lockpickshop.com A source for lockpicking supplies such as lockpicks, locksmith tools, and more!

Biometric locks



User avatar

Active Member

Posts: 285

Joined: Wed Jan 04, 2017 4:13 am

Location: Germantown, Ohio

Post Sun Jan 27, 2019 5:57 pm

Biometric locks

Pro locksmith types, what are your current opinions on biometric locks? People seem to really really want them.

For me, I'm still trying to talk them out of them where I sell the personal safes at work. We carry Liberty and StackOn with fingerprint scanners, and I've been testing them daily to see if they'll consistently open for me. I think they're especially bad for this, as one may need to get one's defense gun out quickly in an emergency. I get really dry chapped skin on my fingertips a few times a year (like right now) and it pretty much guarantees I won't be able to open any of them about 60% of the time. There also seem to be a lot of fairly easy ways to fool them, and now theres an AI that can apparently create fingerprints that work like a master key for all of them.

This kinda leads into a deeper discussion about electronic/networked/IoT locks and whether adding so many additional levels of vulnerability to a mechanical lock is really helping anything. I guess it's super convenient to be able to unlock your house with your iPhone or whatever, but it sure makes it convenient for hackers at the same time, and coming from a background of web security, I'm not convinced we're ready for the potential exploits.



User avatar

Prolific Poster

Posts: 1154

Joined: Sat Nov 26, 2016 6:19 pm

Location: Germany

Post Sun Jan 27, 2019 6:13 pm

Re: Biometric locks

Not all fingers, finger conditions and hands are suitable for fingerprint sensors. People working with cement are damaging the skin, so that the sensors do not work. Too dry skin prevents them to work. At the German Government Printing Office is (or was) one guy where every fingerprint sensor did not work. And obviously people without fingers do have problems.

I know a gun club which bought a safe with a fingerprint sensor, which required fingerprint and PIN. The PIN is for the standard security and the fingerprint for making the passing on of credentials more difficult. If somebody can plan in advance he can make fake fingerprints from what you touch and from a photo from the hand. (Modern cameras have a resolution high enough for this purpose.)
In case you wonder ... Martin Hewitt is a fictional detective in stories by Arthur Morrison:
Martin Hewitt, Investigator Chronicles of Martin Hewitt

Patrick Star

User avatar

Active Member

Posts: 293

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Sun Jan 27, 2019 10:27 pm

Re: Biometric locks

Not a professional locksmith, but I do a lot of work with electronic access control systems.

Biometric locks are crap for most applications. End of story.
Even if they somehow worked perfectly with no false negatives or positives - which they don't - you still have the issue that you can't change a compromised biometric identity.
Most products you'd encounter are essentially toys.

And I do wholeheartedly agree that in terms of predictability, security failure modes, and in many cases overall attack/manipulation resistance, mechanical locks are superior to anything electronic.
Anything that involves a phone and/or The Cloud (TM) should be considered a toy as well, perhaps suitable for standard home use at most (not to mention reliability issues - wanna get locked out of your house the next time Amazon S3 goes down?)
It's not actually outside the realm of possibility considering what has happened in the past that some gang of professional burglars would actually go around exploiting a vulnerability in a specific lock.
And how much of a security single-point-of-failure do you really want your phone to be?

However - in general, electronic systems do offer some unique advantages. The ability to easily block individual tags/tokens is an obvious one. Audit logs are another.
This would be a proper two-part (i.e. the actual thing controlling it doesn't sit on the outside of the door) system with a tag+PIN, not some stupid app.
You of course have other things to watch out for - everything from RFID tag cloning to the database getting compromised (server hacked, central unit stolen, etc).

I always suggest combining an electronic and a mechanical locking system. Either with an entirely separate mechanical lock (that could for example be locked outside of normal office hours), or a combined system such as CLIQ.

Return to Professional Locksmiths

Who is online

Users browsing this forum: No registered users

Don't forget to visit our sponsors for all of your lockpicking needs!
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Grop
"CA Black" theme designed by stsoftware