Proximity card presented to a P-300 Proximity Reader

Balancing Risks in Electronic Access Control

Understanding and mitigating the challenges posed by legacy 125-kHz proximity installations

By Scott Lindley
General Manager, Alvarado and Farpointe Data

Recent industry reports indicate a significant amount of 125-kHz proximity technology is deployed—and still being deployed—in electronic access control applications. Given the rise in discussions around cybersecurity threats, what accounts for proximity’s continued use? Proximity’s vulnerabilities and recommendations for avoidance in high-risk applications is old news. However, with proper precautions and strategic measures in place, perhaps proximity technology may still be used effectively in appropriate situations.

For decades now, proximity readers and their companion credentials have been on the front-end of electronic access control systems. The technology is commonly found in office buildings, educational institutions, healthcare facilities, industrial complexes, government buildings, and more. While the security industry is transitioning from 125-kHz to more secure 13.56-MHz contactless smartcards and other technologies—which we’ll address later—proximity will continue to be with us for some time. Why is that? Given the security risks of 125-kHz, why is this legacy solution still the prevailing technology in many access control deployments?

A common criticism leveled at proximity accuses manufacturers of putting profits ahead of security. However, an argument could be made that many manufacturers would stand to make more profit if the industry simply phased out proximity entirely in favor of higher-security technologies. In reality, end-user organizations consider the benefits and risks of access control technology the same as anything else in life. We all accept a certain amount of risk every day when considering what we eat and drink, how we commute to work, the hobbies in which we engage, and more. So what makes proximity an attractive option for certain access control applications?

Proximity in Use

It’s well established that proximity is ubiquitous, installed over decades now in a preponderance of sites. Let’s examine three key drivers of proximity technology:

  • Cost-effective for end-user organizations
  • Convenient and easy for integrators to deploy
  • Enhanced user experience

The ubiquitous nature of 125-kHz proximity is a key driver in the hardware remaining affordable, and its widespread adoption may very well reduce upfront costs when compared to higher security options. It is also a very flexible technology. Whereas 13.56-MHz contactless smartcard technology is often proprietary, locking customers into a specific manufacturer, some proximity readers can support credential protocols from various brands and multiple companies. This makes it convenient—in a very real sense ‘open’—and easy for integrators to successfully deploy. For example, in the words of one Farpointe integrator, “The fact that Farpointe readers can read many different formats makes it easier on both my customers and my installation teams.”

Proximity’s dependable read range and read speed enhances the user experience providing seamless, unobstructed access. This can be especially appealing in high-traffic areas that must maintain a steady flow of movement through an access point. The complexity of some 13.56-MHz contactless smartcard encrypted communications may result in end users experiencing diminished read range and slower read speeds.

The Benchmark for Proximity Readers

P-300 Proximity ReaderFarpointe’s Pyramid Series Proximity® is recognized as an electronic-security benchmark for 125-kHz OEM proximity readers and credentials. Among its stand-out readers is the P-300, which packs a remarkable amount of performance into a small package, measuring only 1.7" (43 mm) wide by 3.2" (81 mm) high. As with all Pyramid readers, the P-300 has outstanding read range and excellent read speed, is fully potted with an IP67 rating for installing indoors or out, supports several proximity technologies, and is backed by Farpointe’s lifetime warranty.

The P-300 was specifically engineered for mounting on door and window frames (even on metal), but can be mounted to any flat surface. Designed with mounting slots—not just holes—the P-300 makes for quick and neat installations.

Security professionals worldwide trust Farpointe’s identity solutions for successful access control deployments, and the P-300 is no exception. From New York City to San Francisco; from Lancaster County, Pennsylvania to Denver, Colorado; from Edinburgh, Scotland to Sydney, Australia, the P-300 is a dependable workhorse trusted around the globe.

Protecting Against Proximity Vulnerabilities

A discussion of proximity would be disingenuous without addressing ways to combat its weaknesses. This is particularly true with the advent and availability of powerful hacker tools, such as the Flipper Zero. Short of total replacement—which is most certainly an option—here are two additional methods one can use to increase the security of existing proximity deployments:

  1. Incorporate multi-factor authentication
  2. Heighten perimeter security

The use of keypad readers can elevate security by adding a second layer of identification—or multi-factor authentication—to the access transaction. When using both a card and a personal identification number (PIN), security is based on something you have, a card, as well as something you know, a PIN. Credential cloning is nullified as the PIN is not contained in the credential, and therefore cannot be sniffed, copied, duplicated or cloned. The PIN number is essentially as safe as the vigilance and conscience of the user. An important point to make here is that this is the case with any access card deployments, no matter how sophisticated the technology. For proper PIN security and other tips, see Farpointe's PIN Best Practices reference document.

Another way to enhance security in proximity installations is by incorporating higher-security technology—such as smartcard or mobile—at perimeter access points. This blended strategy heightens security at the first line of defense and allows for proximity’s continued use at interior points that might require less protection. For one-card solutions, some suppliers offer credentials that incorporate both contactless smartcard and proximity technologies into a single credential—such as Farpointe’s DE2-125 with MIFARE® DESFire® EV3 + 125-kHz proximity. Another area for consideration is the use of credentials based on emerging open and secure specifications. Two to consider include PKOC, from the Physical Security Interoperability Alliance (PSIA), and OSS-Secure ID, from the Open Security Standards Association.

To be clear, mobile and smartcard ID technologies—both making use of advanced authentication, encryption, and data protections—should be favored in new, sensitive, security-relevant deployments. However, by maintaining a balance of caution and common sense—perhaps including multi-factor keypad readers or a blended strategy combining contactless smartcard and/or mobile—proximity, under the right circumstances, may still be an appropriate solution when supporting existing installations. As with any access control solution, it’s important for end-user customers to have a good security strategy in place, as well as a willingness to educate themselves on best options for balancing the threats posed by legacy technologies.

For questions about access control identification, call Farpointe Data at
+1-408-731-8700, or email .

Scott Lindley, General Manager, Alvarado and Farpointe DataScott Lindley

General Manager, Alvarado and Farpointe Data