Originally Posted by
docbert
Generally the keys do have information about the room number, check-out date, and some additional information that the lock can use to lock-out other keys. The locks themselves are generally NOT linked to a central system, so have no way of validating information, or of receiving any information about which keys are in use. The better systems (especially those using RFID) will include a mechanism for "signing" the information so that the lock can confirm it's legitimate.
All of the hotels in which I worked used locks as
docbert describes above. Although, we didn't have RFID at the time. Since the locks can't directly communicate with the key machines at the Front Desk, they use a rolling code. That process is what
RogerD408 mentions here:
Originally Posted by
RogerD408
From what I have gleaned over the years is the lock (no connection to a central system) has a current code and when a key is used that matches, fine door opens. This is why they ask if you lost your key or not. The lock is also capable of moving to the "next code" thus locking out all previous keys. I've heard some even invalidate all codes if a wrong key is used multiple times (someone at the wrong door). It's a simple process, but seems to work. If someone really wanted to break in, then they could go through the hassle, but then that's true for just about any lock, key card or not.
The lock only looks for the current code or one of the subsequent codes. Where I worked, those codes were 128-bit level of encryption. According to this website, that's basically a random 39-digit long number. It seems to be basically unhackable unless you have access to the encoder scheme or are the luckiest person in the universe.
"[E]ven if you build a world-wide network of super-computers designed just for the purpose of trying combinations as fast as possible, it would still take more than 100 billion years on average to stumble on the right one."
https://discover.realvnc.com/blog/ho...256-or-512-bit
Originally Posted by
docbert
The fact that information is there doesn't mean that the front-desk staff can actually read it, nor that they should use it over an ID check when issuing a new key...
Circling back to
docbert, security is only as strong as the weakest link. By design, no one at a hotel Front Desk should have access to any machine/technology that can decrypt a guest room key. Even when I was a Night Manager, I didn't have access to that machine. It's not like a TV show where detectives hand a key card to some random Front Desk clerk and 5 seconds later they get the room number. You had to be the Director of Security to get to that machine and that only happened in an emergency or with the approval of the General Manager.
Originally Posted by
Zorak
While I agree that security theater is bad, it's not clear to me this is an example of it.
Zorak pretty much sums up my opinion on this topic. I despise security theater. This is not security theater...it's basic security for both the guest and the hotel.
I find it rather remarkable that anyone is complaining about needing to show ID to do anything related to guest room security.