What are credentials?

Access control systems restrict and regulate entry to secure buildings or defined areas. In order to control the access, the systems require a means of identifying individuals and verifying whether they have permission to gain entry. Credentials are that means of identification.

There are three basic categories of credentials:

  • Something you know – this might be a password or PIN
  • Something you have – this might be a key, a card, or a fob
  • Something you are – biometric factors such as fingerprints or retina scans

When you’re considering installing or upgrading an access control system, it’s important to think carefully about the kind of credentials you want to use. Here are some factors to consider.

Something you know - a password or PIN code
Something you have - a card or fob you carry around
Something you are - your fingerprint, face, or iris

What level of security technology do you need?

Technology has advanced in leaps and bounds in the security industry. There are now many different protocols and standards for access control systems. Here are some of the most common technologies widely available for credentials:

  • 125kHz proximity. This is an older technology with a basic level of security.
  • MIFARE® Classic. MIFARE® is a brand name referring to the most commonly used type of integrated circuit chips which are inside access credentials.
  • MIFARE® DESFire®. A higher security option which utilises AES encryption to protect the data and prevent card cloning.
A locked padlock sits on top of a laptop computer to represent cyber security

What are the risks of each type of credential?

There are risks associated with every type of access control credential, but some are greater than others. For example, a password or PIN can be easily forgotten, or stolen if a user writes it down or does not conceal their hand when inputting it. Keys, swipe cards, and fobs are also commonly lost by or stolen from users, and could be used by an attacker to gain access to a building.

Biometric data is intrinsic to individuals. The chance of someone else having identical fingerprints to you is 1 in 64 trillion. It is extremely difficult to steal biometric data from someone, making these kinds of credentials an excellent choice for higher security requirements. However, if biometric data was stolen or cloned from a system, bear in mind that once stolen, it is compromised forever. You can set a new password or issue a new swipe card – you cannot replace your fingerprints, iris, or facial features.

Access control keypad outdoor on brick wall with man's hand pressing button

What would be the most convenient option for your users?

More than anything, day-to-day users of access control systems want whatever is the most convenient solution for them. The less intrusive or disruptive the system, the more they will like it. If they have to carry a key for the front gate, input a PIN to enter the car park, then swipe a card to get into the building, and remember a different PIN for the on-site gym, it’s likely they’ll be unhappy with the inconvenience of the system.

Equally, if the credentials are difficult to use or take too long to respond, it’ll interrupt their daily activities and can encourage misuse. If it takes one person 10 seconds to input a PIN and unlock the door, and you require every user to input the PIN individually, then either queues are going to build up at high-traffic times, or people are going to tailgate and you’ll lose the accuracy of your reporting.

It’s therefore important when choosing the right credentials to find a balance between the requirement for robust security and the impact on users’ day-to-day lives.

A black plastic keypad is mounted on a white wall with blue illuminated keys. A person's hand holding a white access card is reaching out to present the card to the keypad for access control validation

What is the administrative burden of managing the credentials?

Different types of credentials also require different levels of bureaucracy to manage them effectively. Security managers need to consider how much time and budget they are willing to spend on the ongoing administration of the system. For example, systems using physical credentials like cards or tags usually come with a recurring replacement cost because people lose or damage their credentials.

Meanwhile, a keypad code costs nothing to replace, but might need to be changed on a more regular basis to reduce the risk of security breach. Security managers would then have to ensure all users are updated effectively each time the code is changed.

Do you need multi-use or multi-factor credentials?

Multi-use credentials are those which can be used at multiple entry points or for multiple purposes. For example, in an office building, you might be able to use an access card to unlock the front door, pay for food in the cafeteria, and access the gym. These systems prioritise the user’s convenience by reducing the amount of different credentials they need to carry or remember.

Multi-factor credentials refer to systems which require more than one credential to validate the identity of users. These systems prioritise security over convenience as they force users to present more than one credential before they can be granted access. High security systems commonly require multi-factor credentials. This might consist of presenting an access card and then inserting a PIN, or scanning a fingerprint and then an iris. Adding required validation methods to a system hugely decreases the likelihood of an intruder gaining unauthorised access by using false credentials.

A black slim access control reader mounted outdoors on a white wall while an outstretched hand presents a grey tag credential to it

Do you know what you need for your next project?

Find out more about CDVI's range of credentials, from 125khz proximity cards to stylish MIFARE® DESFire® tags and even AES-encrypted smartphone credentials.