Hotel room zero-factor authentication

A few nights ago I stayed in a Hotel in London. On returning to the room after dinner, my room key card did not work.

This has occurred a few times recently, I need to learn that putting the magnetic swipe room card, next to my mobile phone that has a magnetic catch on the case is not a good idea.

Anyway, off I trundled to reception to say “my key card does not work” and handed over the key.

No problem sir, what room are you in?

I duly gave my room number, and the receptionist kindly re-programmed it and handed it back to me. How very helpful.

The 2nd receptionist at the desk quickly interjected

You need to check his identity!

This sent me quickly thinking about what forms of ID do I have on me. The 1st receptionist quickly asked

What is you name please?

And that was it. The only form of ID I needed was knowledge of my own name. Does this even count as one-factor authentication?

So, if you happen to stay in this particular London hotel room, keep your room number confidential, as all I need to get a key for the room, is knowledge of your name and room number.
Maybe this is not a surprise to some of my security readers, and I guess on reflection not to me either, but it severed as a useful reminder of how trivial it is to defeat security systems that rely on humans.


2 thoughts on “Hotel room zero-factor authentication

Comments are closed.