 The best kind of doors are the doors you have to explain. Welcome, welcome to Unhinged. Today, we do have a very special guest, Mr. Phil, the mobile credential evangelist, Coppola. Are you ready for the next one? I'm ready. I think you've seen this one. This one was too- Is that- There's so much wrong here. Is the card hanging from the wire? Yes, the card is hanging, so there's a card that's hanging from the wire that the unit is probably having power drawn from and data being sent across. And then there's a pin and a biometric, right? So it's like something you are, something you know and something you have, right? So they got all three, but it's like, oh yeah, yeah. It's just right there. It's all just right there. So I mean, what I'll say here is more than likely, this is secure. How do I come to that conclusion? So obviously anybody can cut the wire and completely invalidate this whole process. Let's assume that this is a fail secure scenario so that if those wires were cut, the door would not open, although that looks like an exit door, so that probably shouldn't be the case, right? The more I think about this and you hear my stream of consciousness, that would be bad. But let's assume that it was a fail secure and cutting those wires wouldn't be that big of a deal. My assumption is that you have to present all three, your finger, your pin and the card. So obviously the card, no problem. The pin, anybody knows, right? Based on our last conversation, at least with the biometric, that's like your last line of defense to ensure that it is the actual person. But then at that point, why just not have a biometric reader there and get rid of the pin pad and the card? And while you're at it, upgrade it to a signal reader and have it be a mobile credential. And then put some conduit there, please, to hide the wires. On a scale of one to 10, from a life safety perspective, if that is indeed a fail secure door, that would be like a 10, completely egregious. From just a general security perspective, assuming that's gonna be fail safe, that's pretty low, I would say. What facility would need triple authentication? Like the government only wants to. Yes. Yeah, it would really be for like vaults, right, super secure data centers would be another one. And this is one of the really nice advantages of mobile credentials now, is that basically it can take any reader and turn it into a multi-factor authentication device. So if you do have a secure area, I can present my phone to the reader and the phone will ask me to use my face or my fingerprint to unlock the door. So you'd have that two-factor authentication there. But yeah, in the modern era, there's really no need for this. Yeah, no, I'm with you 100%. I would say like if this was a vault or a data center or something like that, I would get the biometric side of thing. But if you are trying to keep it secure, why are the wires exposed? Why are there exposed screws to the back of the reader? Is there a damper switch on there? Probably not. Like an alarm system is gonna go off like when someone unscrews that and puts a skimmer behind there. You can have all of the credentials in the world, but from the reader to the board is not secure. Like that's a big issue right there. Oh, 100%. The skimmers, you can get 40 of them on Amazon for like 20 bucks. They're not that hard to slice in there. Even I could figure it out. So. Yep, absolutely. And one thing that since we're talking about biometrics and I mentioned mobile credentials, the other really cool thing about using the phones biometric as opposed to something like this is the enrollment is on the user side, right? So I as the person with the phone have enrolled my own face and I trust that device with keeping my face secure and keeping my data secure, right? When you unlock your phone with your face or your fingerprint, that data never leaves the phone. It never goes anywhere else for authentication purposes. Whereas with a fingerprint reader, I have to enroll my finger into someone else's system that they now own, right? That organization is responsible for this person's biometric data. And as GDPR rules start to migrate more and more into the United States, we're gonna start to see issues like this come up by how are you storing my data? What type of data are you storing? Where are you storing it? Is it secure? Blah, blah, blah, blah, blah, blah. Whereas using the biometric on the individual's device, the individual has complete control over that and all the authentication happens on device. So yet another reason to move to a mobile credential. I did not mean for this to be a sales pitch, but here I am. Well, to be fair, you didn't pitch an actual product. That's true. So you're not selling anything. This is true with mobile credentials in general. Look at this, yeah. Yeah. I've got a little picture. No, you bring up a really good point. I think privacy concerns when it comes to biometrics in particular are very controversial topic right now in the security industry. Actually there's at Accelerize, see as young professional group, their event each year that they have, they're having a debate on whether the security industry should be supporting biometrics or what are the pros and cons to biometrics. And they're having like an official debate at Accelerize which I'm pretty excited to throw some questions in there to stir the pot a little bit. Yeah, a hundred percent. Can you send me some data on that? I'd love to participate. Yeah, you should come. You should be there. I'm a young professional, I think. Yeah, I don't know why I haven't sent you the information on there. You should be there for sure. And by the way, there is most certainly a time and a place for biometrics, especially when you're talking about really, really sensitive, secure areas. And there are certain biometric devices that I actually really like, right? There are certain facial recognition brands that work really, really well. It's just, it's all a matter of data privacy at this point. And ultimately at the end user level, do you want to own that responsibility? Forget about owning the person's data. Like do you want the responsibility? Because if that person's data is compromised, then you've got a problem. Yeah. What was it? Last year, two years ago, Ossoble actually bought Pro-ID and that's a biometric reader and they highlighted that at ISC West. And I was like blown away with how easy it was to enroll someone and the information was kept local. It wasn't like spread or anything like that. So your privacy was concealed to this extent but that was really cool to see. Like you were walking up to the door and it automatically opened up for you without presenting any credential or anything like that just cause the camera picked you up from 20 feet away. Yep. And by the way, just wrapping up on this one, if that is how the person installed the reader, you could guarantee that the computer that holds the biometric data probably has password for password. That sounds about right. One, two, three, four. Okay. Knocking score. What do you think, Phil? I think you already kind of gave it a score, but... I'll give it a pretty low one because I think this is all just lack of convenience. So like from a life safety perspective, this is probably like a two or three from security perspective. This is like egregious. I would give it like a 10. Yeah. I'm with you. It's just hard to look at. You know, like aesthetically, I'd give it a 10. Yes. Yes. Any technician that has any pride in their work, this hurts them just looking at it. I am curious. To me, this seems like a retrofit or an after the fact. So I'm curious if there was anything here prior and what it was or if this was a first attempt. But I'm going to go five. I'm just going to go middle because I'm going to balance everything. But yeah, aesthetically, it's terrible. Security, it's terrible. Life safety, like you said, Phil, if it's fail secure, it's probably okay. Yeah. My guess is this was like after the building was built, they added this and they just didn't want to drill through the concrete to get the conduit through there. Who would, right? This is the... And never mind water penetration through those points where the wires coming in, right? Yeah, who cares? Water and electricity work really well together. Don't you know that, Phil? Fine. It's a great conductor. It gives a good boost. It's fine. Okay. Are you guys ready? The last photo. I love these knotted exit ones. Oh, boy. This one's less access related and definitely more life safety related. So many exit signs. But they're... But they're not. They're not exits. My favorite examples of these are also like the exit door that's labeled exit door, but then there's like a giant stack of pallets in front of it. So like the AHA would have a heart attack. The fire marshal, like nobody would be happy. OSHA would probably have something to say. I'm sure OSHA would have something to say just in this scenario. Yeah, pretty scary. If you really think about it, I always go into these situations thinking worst case scenario, right? Like there's a fire or something breaking out and there's smoke everywhere and you're panicking and you're looking for an exit and you see these signs and you run over here and realize, wait a second, these are not the actual exit. And I spoke with Lee about this door and apparently these signs direct you back to the front entrance that you came through. So... Yeah, I was gonna say because I mean, technically the arrow's pointing that way, right? So that's not an exit. The exit's over there. Yeah. But yeah, to your point, in a life safety scenario where there's smoke, you're not looking for the arrow. You're looking for the giant exit sign. Yeah. This is supposed to direct you towards the exit not to the not an exit, right? And there's a mag lock on there. What's the other thing to the right of the mag lock? Because it looks like that's attached to the door also. The door position switch is like a sensor of, yeah. But I don't see a wreck of any sort. I guess that could be maybe an emergency exit button. But even then, I guess it's not an exit. Codes don't really apply to this as path of egress. Like this used to be an exit maybe and they're like, well, actually we're blocking this off now. And so no one can go through here. Everyone is redirected over here. No, that's an economy bar. There could be a wrecks in there, but it's unlikely. But if I'm running towards this, I'm still trying this door. There's an emergency situation, I don't care. 100%. Yeah, I wonder what's on the other side? We ask that question a lot on here, Phil. What's on the other side? Well, there's only one way to find out but it's not the exit. Yes, not the exit. Or maybe it is. I do also appreciate the irony of putting the fire emergency call switch next to the non-exit door. There's some irony there. Again, another thing that you're supposed to have on the path of egress, but it's not. It's not. Nope, we don't go there, we can't go there. I'm actually curious, Mia. So you mentioned that a wrecks could be in there because that's what I was thinking, right? If there's a maglock there, the crash bar would be the wrecks. Is that not always the case? No, I mean, it usually is the case but on an economy tier bar, there's not usually a lot of electrification that's happening or switches that are put in there. So I mean, yeah, like physically it could be in there but you know, only a few manufacturers would even probably offer that or it would be like a special request that you would, like I'm sure we could do it on all of our economy rails but it's not something that's a catalog, horrible thing. And how can you so easily tell that that's an economy bar? Well, the really small chassis head, that's typically indicative of an economy bar and it's plastic on the back end, yeah, Benjy. Yeah, so those are usually not the premium tier. And curious, just like on the other, not an exit door, it's an in swing, it's an in swinging door. It doesn't need to have a knob of any type on there. I mean, I guess because it's not an egress door, it doesn't really matter, does it? Yeah, I mean, your guess is as good as mine. Actually, I like this door better than this door because this makes you think that you can get out. This one, you know, like, oh, there's no handle. What am I gonna do? Try to pry it through the fingers or something. Good news is though, if you have a pair of scissors with you and you run to this door, there's some exposed wire to the mag lock. Just snip those real fast and you're out. Unlock the mag lock right there. Like a good yank. You don't even need scissors. Yep, good call. Cool wires to open. In case of an emergency. On your scale of one to 10, this is a 10 in a life-threatening emergency. People are going to go to this door whether it's an exit or not because the exit sign's directly over it and whether or not they'll actually be able to get through the door is a completely different story. Stopping their path of egress and then having to figure something else out. Yeah, this is bad. This is real bad. Anytime you have to think about the path of egress, that's a big problem in my opinion. I'm giving this a 10. That's my official stamp on it. Door-dork approved. Door-dork not approved. That's not approved. Door-dork not approved. Do not fail this failed. Sometimes I am concerned because I can be sarcastic every once in a while. Like especially with writing and people can take it out of the wrong context. And so sometimes I have to like clarify and make sure people understand. Do not do this. Because there's people like, oh, what a great idea. Like, are you being sarcastic or are you actually going to implement this? Because there's a reason I'm posting about it and... It's not a good idea. Just in case you misconstrued anything, I just said bad, all bad. Did Lee give you any indication how big this room is? Because you said it's going to direct you all the way to the other side. He said it was quite the trip. It was a trek. This is like an industrial building. So it's very large. And yeah, if you're in this area, you'd be drawn to these. But then he said, I think 150 yards or something like that. There's not another exit sign. Making me think of the station nightclub fire in Rhode Island in the 90s. Yeah, you're going to have a situation like that. If there's an emergency here. I mean, who knows what kind of business they're conducting here. Like industrial park, there could be a lot of people in this building at a time. Or maybe they are throwing a rave in there. I don't know. I'm not a raver, but I would not approve that one either. We should have the Accelerize conference here. There you go. That's always one of my favorite things is when you go to conferences and people are like talking about life safety and security. And then their booth is blocking the exit. I'm like, do you realize what you're doing right now? Yep. My other favorite on that topic is like you go to the convention center and it's all cameras that you know have all kinds of cybersecurity vulnerabilities, right? And they're just everywhere. Not mentioning any names, but you all know who I'm talking about. We'll keep it PG. Okay. Is it 10s across the board? Did we get it? Yeah, 100%. Unanimous. That's a turkey. Is that a turkey? And three strikes. You're out. Turkey. All the different sports analogies from three-door hardware nerds. Hat trick. Well, Phil, happy. I was happy to have you on here. I'm happy to be here. Thank you so much for joining us. This has been a fantastic episode. Thanks for your insight and your knowledge, especially on the mobile credentials. Yeah, absolutely. Thank you, Mia and Benji, for inviting me to this. This was actually really fun and I would be greatly disappointed if this was the only time because this was like way too much fun. And I very much look forward to my bag of coffee. We'll mail it out probably next week. Awesome. Thank you so much. Thank you. If you wanna be featured on a future episode of Unhinged, you can comment below or email me at Mia at doorhardwarenerds.com. Thanks, guys.