My local gym recently installed new access control locks on the lockers in the Men’s locker room. I appreciate it – I’ve had my things scattered about on one occasion at this gym and brought a lock from then on. However, last week I experienced an event that highlights the idea that technology is only as good as the end users utilizing it. Let me explain:
These locks are connected to the lockers, with a digital keypad on each. You put in your code, press the submit button, and turn a manual switch. Then a green light blinks and the lock activates. You go about your workout, come back, punch in your code, hit submit, the switch turns, and your locker is unlocked.
The technology itself works great. There is no way for any non-employee to break into the locker short of physical force. However, as always, human error is a factor.
I must have hit the wrong number when punching in my code before my workout. The keypad is at waist level and the buttons are inset, so I must have made a mistake. I put in a few variations of my code until I was sure I made a mistake.
At the front desk they assured me I wasn’t the first to make this mistake. Far from it. So there was no issue helping me retrieve my belongings. That’s when (from the technology’s perspective) the trouble began.
First they couldn’t find the fob to unlock the system. They told me it usually hung from a latch in the main office behind the front desk. So now I knew where the fob was kept.
After radioing around a bit, they found out where the fob was misplaced. So right away, we’ve got the master key in the wrong place. There were two employees at the front desk, and neither was supposed to leave the post. So, instead, they gave me the fob and told me to meet the maintenance worker in front of the locker room.
Security workers are cringing right now. As I walked the halls with a master key to unlock any locker in the building, I thought of what a thief would be doing in my position. Replicating the fob somehow? Leaving the building with it? I’m not sure – luckily for this gym I’m no thief.
Besides, I thought, I’ll have to pass the maintenance worker to get into the locker room. They must have realized that and deemed it was no threat to give me the fob.
When I reached the locker room there was no maintenance worker outside. I went in and searched, but the locker room was empty.
I was alone in the locker room with a master key to unlock any locker in there. Not because I hacked the system, stole the key, broke in, or tricked the employees. Just by happenstance. Again, I thought about what a thief would do in my situation. Nothing good, I imagine.
Finally the maintenance worker showed up. Unfortunately, he didn’t know how to use the fob. The two of us stood at the locker, trying different combinations of buttons, holding the fob in different areas. We were unable to come up with the reset code, so he called a supervisor to meet him. And again, left me alone in the locker room with the fob.
I kept trying but couldn’t figure out how to unlock the system. I thought I might be able to search online, but I had no service. So I left the locker room and sat down out front.
When the maintenance worker returned he was trailing a middle-aged woman with a polo shirt bearing the gym’s logo. His supervisor, I imagine, and she was not happy. I overheard her chastising him for not asking me what was in the locker before opening it.
“You’ve got bigger problems than asking me what’s inside my locker,” I thought, holding the master key in the palm of my hand. But I didn’t say anything. At this point I’d been trying to retrieve my things for 30 minutes and just wanted to go home.
The maintenance worker went inside with me and I handed him the fob. He opened the locker in front of me – and now I know how to use the fob to unlock those lockers. He asked me what was inside with a smirk, and I told him my black gym bag was at the bottom, and my car keys were on the shelf at the top. Such it was, and I was on my way. I thanked the front desk employees on my way out.
That’s the story of how my local gym gave me the knowledge, hardware, and privacy to unlock its new access control system by mistake. Of course, I didn’t take anything. I’m not a scumbag. There are, however, many scumbags walking this Earth. Had any of them found themselves in the same position, I never would have gotten my things back.
You can have the most complicated technology on the planet, and all it takes is a few employees making poor decisions to render it useless.
I don’t blame the employees, honestly. I’m not trying to disparage or embarrass them. I think this could have happened to anyone. To err is human. That’s the point of this story – it doesn’t take an idiot to fall for a phishing attack, or to trust the wrong person, or to make a poor decision. It just takes a human to do so.
In summation – Educate your employees if you want to ensure you get the most out of your access control system. Or any system, really.