Electronic keys are coming to multifamily. But you need to
take steps to keep them secure.
For Diana Pittro, executive
vice president of Chicago-based RMK Management Company, the banks of keys
hanging in her leasing and maintenance offices are slowly disappearing. In
their place is a PC-like console where the company codes the electronic fobs it
now gives residents instead of traditional keys.
Each of those fobs can be
programmed to open an individual apartment door, as well as other common areas
in a building, such as a fitness room or clubhouse theatre room. That means
residents can carry just a single fob that opens all the areas they have access
to, instead of multiple cards or keys.
“That alone is much more convenient
for residents,” Pittro says.
Long used in businesses, hotels and
campus settings – where facility-wide control allows for lockdowns in emergency
situations -- keyless electronic access is now becoming more commonplace in
market rate apartments as well. Add to that the raft of consumer-oriented smart
locks that have been hitting the market and synch with smartphones using
Bluetooth technology – August
Smart Lock and Kwikset’s Kevo are two – and it’s clear that physical keys
are going the way of CDs and VCRs.
The reasons why are clear. Pittro’s
fobs can be programmed to provide access to just one or both of the towers in a
two-tower property, and can be used for other amenities, ranging from storage
lockers to parking garage access. Using the console that came with the system,
Pittro’s leasing agents and property managers can set the times that residents
can access those areas – say until 10 p.m. for the community theatre room -- and, in the case of lost or damaged equipment,
identify who used a room last. “It allows you to customize access down to the
individual resident,” Pittro says.
RMK has been deploying Winston-Salem,
N.C.-based Kaba Access Control’s multihousing
“SafLoks” to new buildings as they’re constructed, and outfitting older ones
when they’re remodeled.
“It costs more at setup, but it’s
cheaper in the long run because you don’t have to change the locks when someone
leaves,” she says. “Plus, now, I don’t have a million keys floating around. Or
worse, a master key that can open any lock in the building. With this system,
you just don’t have that.”
Cost to set up the system has run
RMK (or the owners of the 30 buildings and 7,000 units RMK manages) between
$400-$500 a door, or about $200-$300 more than a traditional keyed locking
system. But because Pittro can simply reprogram the fobs when a resident
leaves, instead of changing the locks, she says RMK believes it will save money
in the long run. Plus, by charging residents $25 per fob, she says they do a
much better job of returning them than traditional keys.
“It’s just a reality of apartments,
people are not very good at giving their keys back,” Pittro says. “With this,
if I don’t get it back, I can just block it from the system. It just makes more
sense to have a key that you have control over through programming.”
But while the advantages of keyless
access are many – automated reprogramming for apartment managers, no more rogue
keys, and access control options to various parts of a property during
pre-programmed periods -- apartment owners need to be aware of the inherent
risks of giving residents electronic access to their properties. Namely, as
with any electronic network, you’re also providing a potential gateway to
anyone who can hack into the system
“The main risk, of course, is the
issue of duplication, and how easy it is to duplicate that electronic key,”
says Sam Rehman, chief technology officer at application protection firm Arxan
Technologies. “Before, I would actually have to steal a physical key, duplicate
it and then distribute it. Now, I could literally just post that key online,
and then everybody would have access to your apartment building.”
Arxan provides security to smart
phone apps to prevent exactly that, by making sure that the identity of the
person using the key is encrypted. But other methods of duplication are also
possible. For instance, just as cyber criminals have installed so-called
“sniffers” on retailers’ credit card terminals, ATMs and gas pumps, they could
do the same with electronic entry access devices.
“The goal, in that case, is to
monitor the protocol so that as people walk close to the door and open it, they
can record the information that goes back and forth, and then see if they can
find any patterns in the information,” Rehman says. “It’s very doable.”
And criminals could, of course,
purchase the types of machines that RMK uses to code its fobs, and try to
reverse engineer the system to break any encryption, just as they might try to
steal traditional keys and duplicate them.
“The critical element comes down to
how people store these electronic keys, and the security they build into the
system,” Rehman says. “If you’re talking to a vendor, you should ask them how the
keys could possibly be duplicated. If they say they can’t, you really need to
start asking more questions, because there’s always a way.”
At the same time, Rehman says the
benefits of programmable, keyless access for industries like multifamily, hotels
and short-term rentals such as AirBnB and VRBO.com outweigh any perceived
risks.
“As with any security-related
issue, it’s always a race,” Rehman says. “We just need to keep innovating to
make it so expensive and time consuming to break into the system that it won’t be
worth it to the criminals to try doing so.”
If manufactures and vendors can do
that, keyless access for apartments could open a whole new door of opportunity
for the multifamily industry.