There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions?
Mobile access control solutions are an exciting innovation in a market where the day-to-day user experience hasn’t changed much in the last 20 years. One area that has clear benefits and challenges is in improving the user experience. On one hand, physical credentials are expensive and a hassle to administer; however, they work reliably, quickly, and predictably. Mobile credentials are convenient in that everyone already has a smartphone, and you don’t have to admin or carry cards; however, when you’re actually standing at the door they need to work as well or better than physical credentials, or the benefits are lost. Inertia is a powerful force, and if you look at the adoption of mobile credit cards, it has taken a long time for consumer behaviors to change. As the user experience improves, it’s easy to see a not-so-distant future in which physical credit and access cards are rare.
There are numerous benefits to using mobile access control solutions, and it is proving to be particularly popular post-COVID due to the reduced contact required to present credentials. By presenting an authenticated mobile device using BLE or NFC, there is no need for contact by the individual, and the reader also avoids any touching, thereby significantly reducing the likelihood of disease transmission. Cost is another benefit – once the appropriate reader is installed, cards or tokens can often be discarded as users simply use their mobile devices. This also reduces the administration costs, with credentials approved centrally and then sent to the mobile device remotely, rather than needing to physically issue or retrieve cards/tokens. There are also practical and security benefits – users leverage the already stringent authentication of the mobile device (often fingerprint or facial recognition). New authentications are but can also be withdrawn instantly with security or employment changes.
Nearly everyone who has carried a physical access credential has at one time or another lost it. Often, we don’t report a lost credential, assuming it will show up eventually. But the longer a missing credential goes unreported, the greater the chance of unauthorised access. Conversely, everyone carrying a smartphone knows where it is at all times. If it goes missing, an all-out search begins immediately and credentials on that device can be disabled. Multi-factor authentication makes it difficult to use that credential to gain unauthorized access, and proper device security can disable the device after multiple incorrect login attempts. Mobile apps are constantly updated, and new security policies can be easily distributed to the mobile credential. Mass notification of events can be quickly broadcast to all credential holders. Finally, mobile credentials are difficult to clone, unlike physical cards. Mobile credentials deployed across all users ensure a safe environment.
Mobile access control solutions can come with some challenges; however, the benefits can outweigh these challenges. Some people are reluctant to put company applications on their personal devices or may find taking their phone out of their pocket or purse inconvenient when their company may require them to wear a badge anyway. Others report inconsistent performance — sometimes they may leave their phone in their pocket, and it works, while other times they may have to touch their phone to the reader for it to work. And some perceive the cost of a mobile credential to be more expensive than a physical badge. Since a person usually has their phone in their hand already, it is much easier to hold it up to the reader than to fumble for their badge. Users can also store multiple badges in their mobile phones to get into more than one location.
Many mobile access credential solutions require the use of back-end portals. For hackers, portals can be rich targets, often containing sensitive end-user data. These types of mobile solutions so often force the users to register themselves, and sometimes their integrators, for every application. Each registration requires the disclosure of sensitive personal information. Bookkeeping alone can be confusing. Farpointe’s Conekt distributes credentials with features that allow the user to register their handset only once and need no portal accounts, activation features, or renewal fees. Secondly, OSDP Verified equipment ensures that security equipment such as card and biometric readers from one company interface easily with control panels and equipment from another manufacturer, fostering interoperability among security devices. Customers’ new equipment will provide bi-directional communications between the access control panel and the reader. It will also make standard the option for powerful encryption in support of advanced security applications.
We have been offering discrete integrations between our turnstiles and mobile devices for some time now, and striking the balance between the required level of security, whilst offering a user-friendly entrance experience, remains a top priority. One of the key benefits of upgrading from traditional fobs or access control cards to mobile devices is the flexibility they offer. People carry their phones everywhere with them and wear smartwatches, which makes them a familiar and convenient access control method for regular employees as well as occasional visitors. Additionally, these BYODs offer a touchless and hygienic authentication method when accessing a building, which is now more important than ever. These mobile devices do have some drawbacks, however, as devices can be easily mislaid, stolen, or broken. Whether our turnstiles need to integrate with smartphones and watches for office users or wristbands for gym users, there’s an integration solution for everyone.
From an intercom perspective, the biggest benefit is also one of the biggest challenges. Users are able to visually confirm visitor identity, answer their door, and allow visitors building access—all from their mobile devices. The benefit is the freedom to answer their door from anywhere. Users are no longer required to be on-site to greet visitors, receive packages or ensure their front door is secure. Of course, the downside to answering a door from anywhere is putting the responsibility of screening guests on the user, as well as the different levels of responsibility that users now have in allowing building access.