19th Sep 2007
Usability versus security in doors
Spotted by the folks at HackADay.com, here’s a simple way to open locked doors without any lockpicking skills: use a length of gauge 6 copper wire to pull the handle from the other side.
What’s really interesting is the policy that makes the hack possible: businesses and public buildings are required to have accessible door latches by the Americans with Disabilities Act. This usually means handles in place of round door knobs; in general, you should be able to open a door with a closed fist, without fine manipulation. This also happens to produce a door interface that can be pulled by a crudely fashioned length of copper wire.
This is an excellent real-world (by which I mean non-computer) example of the interplay between security, accessibility and usability. You want a lock on the door, but you also want the door to be easy to open, and if you aren’t thinking about both goals simultaneously, one goal can clobber the other. This sort of design compartmentalization is common, difficult to avoid, and a big part of the reason why security is hard.
Of course, this isn’t a necessary trade-off, because accessibility does not preclude security. This hack simply means that few people think that much about both simultaneously. You can probably design an ADA-compliant door interface that can’t be easily pulled from the other side.
I’ll try this hack soon, because our department just got re-keyed. Some fool contractor lost a master key and everything had to be changed and updated. My office key used to open our reading room and copy room and dept office, but now each requires a separate key and I haven’t been able to collect ‘em all.
Spotted by the folks at HackADay.com, here’s a simple way to open locked doors without any lockpicking skills: use a length of gauge 6 copper wire to pull the handle from the other side.
What’s really interesting is the policy that makes the hack possible: businesses and public buildings are required to have accessible door latches by the Americans with Disabilities Act. This usually means handles in place of round door knobs; in general, you should be able to open a door with a closed fist, without fine manipulation. This also happens to produce a door interface that can be pulled by a crudely fashioned length of copper wire.
This is an excellent real-world (by which I mean non-computer) example of the interplay between security, accessibility and usability. You want a lock on the door, but you also want the door to be easy to open, and if you aren’t thinking about both goals simultaneously, one goal can clobber the other. This sort of design compartmentalization is common, difficult to avoid, and a big part of the reason why security is hard.
Of course, this isn’t a necessary trade-off, because accessibility does not preclude security. This hack simply means that few people think that much about both simultaneously. You can probably design an ADA-compliant door interface that can’t be easily pulled from the other side.
I’ll try this hack soon, because our department just got re-keyed. Some fool contractor lost a master key and everything had to be changed and updated. My office key used to open our reading room and copy room and dept office, but now each requires a separate key and I haven’t been able to collect ‘em all.
Posted in Crypto and policy | Comments Off