Tuesday, June 25, 2019

Condo Master Key Control: Five Risks and How to Solve Them

Burglar breaking in with key
Fueled by a heroin addiction, a maintenance technician at a Massachusetts condominium community robbed 19 separate residents over a period of a few years. The monetary value of the items amounted to several thousand dollars, but worse than that, many were irreplaceable heirlooms passed down through multiple generations.

In Canada, a condominium complex spent $30,000 to $40,000 to rekey its building after someone stole a bike from a storage unit.

The common thread in these stories is master keys. The maintenance technician abused his access to the master key to enter residents’ homes, and someone stole a master key from the fire safety box at the Canadian complex to let themselves in to the storage unit.

It’s not uncommon for condo associations to keep master keys on file (or at least copies of each resident’s key), but is the way you handle keys putting your association and residents at risk?

Master Key Risks


Unfortunately, it’s difficult to keep master keys out of the hands of unauthorized people and prevent authorized key holders from abusing their access. Some common issues include the following:

No Rekeying After Construction

During construction, contractors use a master key system to allow them to move easily throughout the building. Once the development is complete, it’s difficult to know which contractors and other vendors might still have master keys to the building. If your condo building hasn’t been rekeyed since it was built, you’re leaving homeowners vulnerable.

Unauthorized Duplication

Stamping keys with “Do Not Duplicate” provides a false sense of security. The Associated Locksmiths of America (ALOA) advises members to discourage customers from relying on this inscription as a security precaution, as it’s not legally binding unless the law prohibits duplication of the keys (such as keys used by the Department of Defense).

If someone wants a copy of a key badly enough, they aren’t likely to let the “Do Not Duplicate” warning stop them. A quick Google search reveals strategies for disguising an inscription, such as hiding it with a rubber cover or covering it with tape and writing a unit number or “Shed Key” on it, so the locksmith is more likely to make copies. There are even local threads dedicated to recommending locksmiths that will ignore the inscription.

Key Abuse

Assuming someone is authorized to use a master key as part of their job, can you be sure that they’re using the key for legitimate reasons? As one lawyer told The Palm Beach Post, even if condo associations have a right of access, it’s “not to be abused by a maintenance man who needs a private place, and not so a maintenance man can use a bathroom.” Failing to abide by these standards can lead to legal issues.

Key Theft

The risk of key theft goes up if you keep keys in an insecure place, such as a fire box that can be easily pried open, a pegboard from which keys can be swiped, or in a desk drawer that’s left unlocked. If you don’t maintain a verifiable access log to track who’s removed keys and when, that risk increases even more.

Carte Blanche Electronic Access

Smart locks, also called electronic locks or keyless entry, give residents the ability to unlock their doors with codes, fobs, or even their smartphones. Keyless entry is convenient, but it does come with more administrative effort than some property managers may realize. If the property uses a system with security tokens, condo association employees may choose to program a master access method that opens all unit doors. This practice presents many of the same risks as master keys.

How to Protect Your Community


To protect your community, follow the below best practices for key security:

Rekey When Necessary

If your building hasn’t been rekeyed since construction or if a master key has gone missing, it’s critical that you rekey to protect residents. To avoid this expense in the future, take steps to secure the keys in your care.

Inform Homeowners

Let homeowners know if you have a master key on file, how you’ll secure it, who will use it, and in what circumstances it’ll be used. If possible, request individual copies of unit keys instead of maintaining a master. Also notify residents when the key to their home has been removed and why.

Keep Accurate Logs

Keep a log of which employees and board members are authorized to access which keys and when. Be sure to update this record and collect any unreturned keys when an employee leaves or when new board members are elected.

In case you need to investigate a possible issue with key abuse, ensure you have a way to pull reports on demand. Using an electronic key control system to create an electronic log minimizes the possibility for human error and manipulation.

Implement the Right System From the Right Partner

To secure keys, implement a patented key control system (a recommendation that’s supported by the ALOA). If you use electronic locks and use preprogrammed access fobs or proximity cards, consider using an electronic key control system to restrict access to those tokens. Just be sure to choose your key control partner carefully — one of homeowners’ top complaints about associations is when management chooses low-quality or unethical vendors.

Train Employees and Board Members

Implement periodic key control training for employees and board members. This ensures that those responsible for keys know what’s expected of them and are aware of the consequences for failing to follow your key control procedures.

Without taking the right precautions, your master keys could be mastering you. By taking steps to secure keys and hold authorized users accountable, you can avoid costly security breaches and put homeowners’ minds at ease.