How To Move Away From Insecure Prox / 125 kHz Credentials
Although still widely used for access control today, 125 kHz credentials are easily copied and insecure.
However, changing to more secure credentials can cost thousands of dollars, even for smaller systems. In this guide, we cover the most common migration paths and examine the pros and cons of each so you can help choose the best path forward.
This guide covers:
- The Major Risk of Not Changing
- The 3 Most Common Migration Paths
- Pros & Cons of Each Method
- Mobile Credentials Option
- Biometrics Option
- HID Global Formats More Costly
- 13.56 MHz Read Ranges Shorter
- Changeover Cost Is The Biggest Factor
For related statistics, see Prox / 125 kHz Access Control Credential Usage Statistics and Multi-Frequency Readers Usage Statistics.
The ********** ******* ****
*** **** ***** ** *** *******: the **** ****** *** *** **** formats **** ** ****** *** ********** unencrypted, ** ******* **** ***** **** to ******* *********** ******* *** * few *******.
***** *** **** ****** ** ***** insecure *********** ** ******** ***, *** risk **** ******* *** ***** **** facility ********** ** * **** ***** worldwide. *** ***** ***** ******** **** ****** ******* **** **** $30 *** ****** **** *********** ** *********** ****** ** ***:
Flipper **** ****
*******, ***** ******* *** **** *** kHz ***********, ***. ** ****** * well-publicized ******* ********* **** ****** ******* ******* ******.
******* **** *** ****, *****, *** write *** *** *********** ***** *** built-in *******. **** ******* ********* ******* can ***** *** *** *** ****** Prox *********** ** ********* *** **** data **** ** *** ******.
****** ****** ** *** **** ****** used ****** *** **** ***** *** is ******** ** **** ****** ******* systems. ****** ** *** **-*** ******** format **** *** ****** ****, ***** facility **** ****, *** ** **** number ****.
Makes ************ ******
******, ** ****** ******* *******, ***** copies **** ********* ** ***** *****.
*** **** ********** ***** ***** **** card ****** *** ***************** **** *** HID ******* ********:
*** **** ** **** ************ ****** can ** **** *** **** ** gain ******, **** ** ******* **** or ****** ** ***** * *********.
Three ********* *****
*** ******** ** ***************: **** ***** 125 *** ***********. ***** *****, ******-********* versions ******* ********** *** ********* ******* of **** *******, ********* ** ***** usability *******, **** *** * ******* replacement.
*******, ***** *** ******* ******* *** migrating *******, **** **** ******* ***** and ********* *** ********:
- ****** ***** & ******* ***********
- ******* *****-******** *******, ********* ******* *****
- ******* ******** *******, ********* ******* *****
*****, ** ******* **** ****** ** depth *** ***** *** **** **. cons ** **** *********** ***** **** is **** *** ******** *******.
HID ****** ******* **** ******
*** *** ************* **** ********* **** from ****** ******* ** ******** ***** 13.56MHz ****** ****** ** ******* ** its *****. *** *** **** ****** options ***** **** **** *** ********* vendors:
***'* **** ** ********* **** ********* on * ***-****** *** ***-********** ***** than ***'* ******/*******. *** ****** ** the **** ********** ** ******* *** of *********, ** *** *** ******** are ********, ** *** ************ ********, by *** ** ***** ******, **** Abloy. ** ********, *** *** (***-*** formats) *** '**** ***' *** *********** open *** *** ************ ** ***** products ******* ***** **** **/******* ********* cost.
*** ****** ******* ********** ******* ****** vendor ******* ****** ***** ** ********** part *******, *** *** **** ********** typically ****** **** **% - **% less *** ***-*** ********. *******, ********** in ***** *******, *******, *******/******* *******, and ******* ************ *** ** ****** for ***, ***** ******* * *********** market *****. ********* *********, ***-***** ******* may ** **** ****** ****, *** pricing/support *** ** **** *********.
13.56 *** **** ****** *******
**** ** *** *** **** ********** between ***********. ******* **** ***** ****** is **** ************* *********, **** *** lower ********* ****** ****** ******** ****** distances. ***** *** ******* ***** ** not * ******* ****** *** **** mount ** ******* ***** ************ ***** cards **** **** **** * ****** from *** ******, ****-********* **.***** ******* cannot **** ** ****** ****** *** parking ****** ** ******* **** ************.
*** *******, ******* *** ****-***** ************ ** ** **" **** ******** non-boosted ***********, *** ***** **.** *** counterparts **** ***** **" *** **** warranted *** ** **** ********** *** **************** *** ****** ****** ******* *** that ***********.
Pros & **** ** ****
******** **** *** ***** *******, *** most ****** *** ******* *** ******* cost *** ****** ****** ****** ** the ********* *********** ** **** *** kHz ******* *** **** *****, ***** the ***** ********* *** *********** **** and **** ********** ****** ** ****** mounting * **.** *** ****** ***** existing ***** *** ***** ******** *** cards ** ***** ** ******.
*** **** *** ** *** ****, meaningful ******** ***********, *** *** ****** impact ** ** *** * *********** reader **** *** **** ******** **** frequencies *** *******, ***** ****** '*****-********' readers. **** ***** ***** *** *****-****:
** *** ******** *****, ** ******** each **** ** *****.
One: ******* *** ***** & ******* ***********
**** ********* **** ** *** **** costly *** ****** *** ******** *** the ******* ** ********* *********** ** all ****** ******* *** ***** ** once.
*********** ********** *** ** *** *** credentials ***** **** *** ******* **** disappears, *** **** * ******* **** requires **** ********* ****** *** ******* coordination ** ********* ******** *** *** issued *********** **** *** *********** **.** MHz *****.
** *******, * ****** **.** *** reader *** **** $*** - $***, and * ****** **** ***** ***** $3 - $* ****** ********** ************, configuration, *** **** ******** *****, ** even * ******* ****** **** **** than ***** ***** *** ** ***** can *** **** *** ********* ** dollars, *** ***** **********/ *****-**** ******* can **** ******** **** ** *********.
** ******** ** *** ****, ********* changing *** *** ******* ***** ******** credentials *** *******, ** ******* *** planning * ******* ***** ***** ********* and ******* *** *********** **********. *** long-range ************ *** **** ** ** re-engineered ********.
** * ******, *** '******* ********** at ****' ********* ** ********* **** used ** ******* ******* ***** *** cost *** ******** ****** *** *****.
Two: ******* *****-******** *******, ********* ******* *****
**** ********* **** ** ***** ****, but ***** *** ******** *** ***** be *********. **** *** ***** ******, option *** ******** *** ********* *********** of *** ******* ** * *** hybrid **** ********** **** *********** **************. These *****, ***** ****** '**********' ** 'multi-technology' *******, *** **** ********** ********* and ******** *******.
***** **** **** ** ****** ***** that ****** *********** *** ** ******** gradually ****** **** *** ** ****, often ******** * *** ****** *** and ******* ********* ******** ** *********** credentials ** * ********** ********.
***** *** **** ** ***** ******* is ***** ****** ** * ***-**** basis ******** ** * ****** ********** 13.56 ***-**** ****, *** ******* ** modest ** **% - **%. *** price ********** ** ********* ******* *** still **** *********, *** ********* *** the ******* ** ********* ********** ***********, even ** *** **** ** ********** insecure *** *** ******* *** ****** or ***** ****, ** ********** *** many ******** ********.
The ********* ****
***** **.** *** *** ****** ** and **** *** ******** ** **** security *** **** ** ******** **************, they *** **** ** ********** ** long-cracked *** *** *********** ** * downgrade ****** ** **** *** ******* - '**********' *** ***** ***** **** 125 *** *** **.** *** ******* in "********" ******** ********.
*** ***** ***** ***** *** **** physical ***** ** *** ******:
********* ***** ** ********, *** ** now ****** ********* ** *** **** amplified ** **** ********, ******* ****** "*****, ********* *******" *** "Legacy ********* *******," *** ********* ***** ** **** off **** ** ********* ********** *** kHz ******* ** *** ****.
Three: ******* ******** *******, ********* ******* *****
*** ***** ****** ** ***** *** least ********* *** ******** *********** ********* and ******* ****** ******** *** ***** creates ******** ***** ****: ******* * new ****** **** ** *** *** one.
*** **** ** ******-**** ******* ** often **** **** *****-********/********** *****, *** they *** ** ********* ******* ********** disruption ** *** ******** ******* *** cardholders.
*******, ********** *********** ******* **** **** other, **** **** **** *** ********* frequencies, *** ****** *** **** ***** performance ** **** ****. ********* ** often * ***** ***** ******** ** units ** *** ****** **** ***** out ** ********* ********* **** **** other.
** *********** ** *** ** *****, appearance *** ***** ** **. ******** dissimilar ******* **** ** **** ***** creates ** ********* ***** *** ***** bad. *** *******, *** **** ******* of ******** *** *** **** *** 13.56 *** ******:
********, **** ********** ******** *** *** support **** **** *** ****** *****, and ********, ***********, *** ******* **** additional ****** ********* *** ** ********.
*******, *** ******* ** **** ****** may ***** ******** ** ** ***** factors ********** **** ****** ************ *** migration ** *** *********** *** ** done **** ** ***** *******, **** whatever **** ** ****** ********** ** continuing ** *** *** *** **********.
Considering ****** *******
******* ****** ** ** ****** ******** 13.56 *** *********** ******** *** ******* use **** *****-***** ****** ** ****** credentials.
***** **** ** ***** ******, *******, as **** ******* **** ** ** upgraded ** ******** ** **** **** NFC ** *** ***********, *** *** users **** ** *********** **** ****** credentials, ********* ******* ** ********** $*.** - $*.** *** ****.
*******, **** ****** ** ***** ********** 'secure' ******** ** *** ***, ** the ********** **** ** *********, *** the ***** ****** ***** ******* ***** to ************* ****** ****** ***.
Considering ********** *******
*** **** *******, *** *********** ** upgrade *** ******** ***** ********** ***** entirely, **** **********. ***** *** **** of ******, ****, *** **** ******** have ********* **** *** **** ******, the **** ** ***** ****** ***** is ********* **** **** **.** *** counterparts, *** **** ***** ******* *********** outlays *** **** ********** *** **** training ** *** ** *** *** new ******* ********.
*******, ********** ** * ******** ********* to ******** *** *** *** ******* back ****-***** ** ******** ** ****** credentials **** *****.
**** *** *** **** ******* ******** to **** **** **** *** ******* dip ** ***:
** ****, *** ********* ********* ******* use ** *.** ***** *** ***, a ******* ***** *** **** ******* of *.** ***** *** ***.
***** **** ***** **** '**** *****,' there *** ***** *********** ** *********** issues **** ********** ***** *********** **** as ******* ** ****** ************, ******* perimeter ******** ******* ** *** ******* (and **** ******** ******** **** ******), and ** **** *************, ********** *********** 13.56 *** *********** *** ******* *** implemented ** ******* ***** **********.
******* ** *** **** **** *** difficult *********** ******, ********* **** *** kHz ** ********** ** ********, ******** generally, ******** ** ***** *********** ****** a ****-******** ****** ******* ****** ******* or ********** ******.
Changes **** *****
** *** *** *** ******** ****** systems, ******** **** ****** *** **** migration *******. *** ***** *** ******** managers ***** *** ****** ** ***** the **** ** *** *** ******** against *** **** ** ********* **** it.
*** **** *****, *** **** *** perceived ** *** ***** ** ******* spending *****; *******, *** ********* ** Flipper **** *** ***** **** ******* has ******* *** ********* *** *****. Security ******** ****** *** ******** *** difficulty ** ******* ************ ********** *** 'high ****' *** *** ***** ** easy ** ******* '*** ****' ********* mechanical **** *** ** *** ******** or *** *** ****** *****.
[****: **** ***** *** ********** ********* in **** *** ************* ******** *** updated ** ****.]