Every now and then I see tweets like this one.
It’s inevitable that keypads will wear, dramatically reducing the number of options over which an intruder need search in a brute-force attack.
So why not design for it at the outset? Make and sell pads that have four or five of the keys pre-worn. If other keys wear down over time, it would be much harder to tell which are newly worn, and which were always like that. And an intruder could never really be sure whether the pad had pre-worn keys unless he’d been watching the door since it was installed.
Seems pretty obvious as solution. So why don’t we have it?
- Systematic underestimation of keypad tendency to do this?
- But then wouldn’t some clever firm take the market by pointing things out to consumers?
- The solution not having occurred to anyone else?
- This seems exceedingly unlikely; it is too obvious
- Most purchasers caring less about security than about having been seen to have done something about security?
- Maybe, but that can’t hold in general
- Buying this kind of keypad binds security-conscious places to rotating their codes every few months lest the code become common knowledge, with some firms then failing to follow up?
- Seems unlikely: the ones that care about security to start with don’t need the binding.
Here at the New Zealand Initiative, we rotate our door code every few months through the different digits.