Two-Factor Authentication (2FA) Explained: RFID Access Control

     

RFID Access Control | Multi-Factor Authentication

Historically, magnetic stripe cards were used for access control. However, these cards aren’t particularly secure, as the information stored on them is typically not encrypted. Additionally, they have to be physically swiped, leading to issues with wear and tear.

These shortcomings led to the development of Radio Frequency Identification (RFID) technology. This access control method uses radio waves to communicate a unique identifier between a tag embedded in an RFID card and an RFID card reader. Today, RFID is widely used for building and network access around the world.

This blog post explores how RFID works, as well as the pros and cons of using this authentication method.

How RFID Authentication Works

An RFID-based access control solution contains both tags and card readers. Tags contain a unique identifier and are embedded in plastic cards or tokens. The RFID reader has an antenna that constantly emits a short-range radio frequency field.

To gain access, the user presents his or her RFID card to the RFID card reader, which could be mounted to a wall near a door or turnstile for physical access. For computer or network access, the reader could be connected via USB or embedded.

 

 

When the card comes within range of the reader, an electric current is induced, activating the tag. The tag then communicates its unique identifier to the reader, which can be used to grant or deny access. No username is needed, although the user can optionally be required to enter a password or PIN for added security if the RFID reader has a keypad.

Low-frequency (125 kHz) and high-frequency (13.56 MHz) devices can be used for RFID authentication. Typically, 125 kHz RFID setups are cheaper to implement, but provide less security, since in most cases, only a single numeric identifier is transmitted.

Due to the higher frequency, 13.56 MHz setups can support more involved data exchanges, allowing for bidirectional communication, contactless smart cards, and near-field communication (NFC). Some setups, known as “dual-mode” or “dual-frequency,” even support both wireless frequencies for flexible and legacy support.

Benefits

Ease of Use

One of the most important benefits of RFID authentication is that it’s easy and convenient for the user. All it takes is a quick scan for the user to gain access—no waiting or additional steps required (unless a PIN code is required).

Additionally, with an RFID card, you don’t need a line of sight, so there’s no need to angle the card correctly or swipe multiple times. RFID cards also don’t need to have contact with the reader. Depending on the frequency, tags could be anywhere up to 10 cm away from the reader, so you can use them from inside your wallet or purse, or attached to a lanyard.

More Secure Than Some Card-Based Authentication Methods

RFID cards are a more secure choice than some card-based authentication methods. Unlike magnetic stripe and 2D barcode cards, information on second-generation RFID card chips is encrypted. Though RFID communicates wirelessly, meaning it could be intercepted, incidents of this actually happening are quite rare—the same can’t be said when it comes to skimming attacks and magnetic stripe cards. And, if increased security is required, RFID cards can be layered with a PIN or password.

Less Wear and Tear

Another advantage of RFID cards is that they experience less wear and tear than cards that require contact with the reader, such as magnetic stripe cards and contact smart cards. In turn, there’s less wear and tear on the readers, which also means lower maintenance requirements. Furthermore, because you don’t even have to remove an RFID card from your wallet or purse, there’s less chance of them getting scratched or broken.

More Fine-Grained Access Control

Yet another reason to choose RFID cards is the granularity of access control an organization can implement with them in place. Organizations can enforce time-based access control (meaning that access is granted only at certain times of the day), update badge holder data without issuing a new ID if permissions change, and remotely revoke access for a single card if it is lost or stolen.

Lower Cost Than Smart Cards

RFID cards can be a more cost-effective option, too. Although not as cheap as magnetic stripe cards, you’ll spend $1 to $10 per RFID card as opposed to $50 or more per smart card.

Multipurpose

RFID cards can be a smart investment if you’re looking for a card-based authentication method that can be used for multiple purposes. They’re a good fit for physical access as well as network access and can also double as an employee or user ID badge.

Drawbacks

Security Vulnerabilities

Though RFID is an effective access control method, there are some security vulnerabilities to consider. First-generation RFID tags don’t have encryption, and RFID tags, in general, are at risk for a number of security threats, including eavesdropping and replay attacks, man-in-the-middle attacks, and cloning and spoofing. However, many of these security threats are mitigated with newer generation RFID tags using the 13.56 MHz frequency.

Susceptible to Tailgating

For building access, someone without authorization may be able to bypass authentication by simply following someone with an RFID card through an access point.

Tags Can Be Lost, Stolen, or Forgotten

As with any small object that must be carried, RFID tags can be lost, stolen, or forgotten. In this case, a user can’t authenticate with this method and the card or token must be replaced—a cost that the user or the organization bears. While a lost or stolen card presents a security vulnerability, remote deactivation and the ability to layer the card with a PIN or password significantly lessens the risk.

Associated Costs

Although a more affordable option than many other physical tokens, there are some hard costs involved in implementing an RFID authentication solution, including the initial cost of purchasing and implementing the cards and readers. RFID cards can run from $1 for a basic card up to $10-$20 per card for a finished product.

Choosing RFID As Your Authentication Method

When considering the right authentication methods for your organization, RFID provides both advantages and disadvantages. RFID tags are easy to use, durable, multipurpose, and more secure than some other card-based options. They are also the most widely used form of access control. That being said, implementing RFID involves more cost and effort than many other authentication methods. There are also associated security vulnerabilities that must be considered.

So, is RFID authentication right for your organization? This will vary depending on your organization’s unique needs. However, choosing a comprehensive authentication platform that offers a range of authentication options can help your organization implement a solution that will continue to meet its authentication needs as they change and evolve over time.

Download our guidebook to learn which authentication methods are recommended for different user scenarios.

Comments

Subscribe Here!