Hotel room zero-factor authentication

22 Nov

A few nights ago I stayed in a hotel in London. On returning to the room after dinner, my room key card did not work.

This has occurred a few times recently; I need to learn that putting the magnetic swipe room card next to my mobile phone, which has a magnetic catch on the case, is not a good idea.

Anyway, off I trundled to reception to say “my key card does not work” and handed over the key.

No problem sir, what room are you in?

I duly gave my room number, and the receptionist kindly re-programmed it and handed it back to me. How very helpful.

The 2nd receptionist at the desk quickly interjected:

You need to check his identity!

This sent me quickly thinking about what forms of ID I had on me. The 1st receptionist quickly asked:

What is your name please?

And that was it. The only form of ID I needed was knowledge of my own name. Does this even count as one-factor authentication?

So, if you happen to stay in this particular London hotel room, keep your room number confidential, as all I need to get a key for the room is knowledge of your name and room number.
Maybe this is not a surprise to some of my security readers, and I guess on reflection not to me either, but it served as a useful reminder of how trivial it is to defeat security systems that rely on humans.

2 Responses to “Hotel room zero-factor authentication”

  1. Colin Robbins November 27, 2012 at 19:39 #

    A related article showing how easy it is to break hotel key card systems…

    http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/


  2. Colin Robbins May 13, 2014 at 22:32 #

    Oh no, similar just happened again. Have photos this time. Re-blog pending…
