Fueled by a heroin addiction, a maintenance technician at a Massachusetts condominium community
robbed 19 separate residents over a period of a few years. The monetary value of the items amounted to several thousand dollars, but worse than that, many were irreplaceable heirlooms passed down through multiple generations.
Sadly, thefts such as these are not unheard of in condo communities. In Missouri, burglars
broke into a couple's home, stealing $315,000 worth of property.
In Canada, a condominium complex
spent $30,000 to $40,000 to rekey its building after someone stole a bike from a storage unit.
The common thread in these stories is master keys. The maintenance technician in Massachusetts abused his access to the master key to enter residents’ homes. The condo association in Missouri stored master keys in a box on the wall in an unlocked common area, making it easy for the burglar to steal the box with the keys in it. The Canadian thief pilfered a master key from a fire safety box and used it to let themselves into the storage unit.
It’s not uncommon for condo associations to keep master keys on file (or at least copies of each resident’s key), but is the way you handle keys putting your association and residents at risk?
No Rekeying After ConstructionDuring construction,
contractors use a master key system to allow them to move easily throughout the building. Once the development is complete, it’s difficult to know which contractors and other vendors might still have master keys to the building. If your condo building hasn’t been rekeyed since it was built, you’re leaving homeowners vulnerable.
Unauthorized DuplicationStamping keys with “Do Not Duplicate” provides a false sense of security. The Associated Locksmiths of America (ALOA) advises members to
discourage customers from relying on this inscription as a security precaution, as it’s not legally binding unless the law prohibits duplication of the keys (such as keys
used by the Department of Defense).
If someone wants a copy of a key badly enough, they aren’t likely to let the “Do Not Duplicate” warning stop them. A quick Google search reveals strategies for disguising an inscription, such as hiding it with a rubber cover or covering it with tape and writing a unit number or “Shed Key” on it, so the locksmith is more likely to make copies. There are even
local threads dedicated to recommending locksmiths that will ignore the inscription.
Key AbuseAssuming someone is authorized to use a master key as part of their job, can you be sure that they’re using the key for legitimate reasons? As one lawyer
told The Palm Beach Post, even if condo associations have a right of access, it’s “not to be abused by a maintenance man who needs a private place, and not so a maintenance man can use a bathroom.” Failing to abide by these standards can lead to legal issues.
Key TheftThe risk of key theft goes up if you keep keys in an insecure place, such as a fire box that can be easily pried open, a pegboard from which keys can be swiped, or in a desk drawer that’s left unlocked. If you don’t maintain a verifiable access log to track who’s removed keys and when, that risk increases even more.
Carte Blanche Electronic AccessSmart locks, also called electronic locks or keyless entry, give residents the ability to unlock their doors with codes, fobs, or even their smartphones. Keyless entry is convenient, but it does come with more administrative effort than some property managers may realize. If the property uses a system with security tokens, condo association employees may choose to program a master access method that opens all unit doors. This practice presents many of the same risks as master keys.
How to Protect Your Community
To protect your community, follow the below best practices for key security:
Rekey When NecessaryIf your building hasn’t been rekeyed since construction or if a master key has gone missing, it’s critical that you rekey to protect residents. To avoid this expense in the future, take steps to secure the keys in your care.
Inform HomeownersLet homeowners know if you have a master key on file, how you’ll secure it, who will use it, and in what circumstances it’ll be used. If possible, request individual copies of unit keys instead of maintaining a master. Also notify residents when the key to their home has been removed and why.
Keep Accurate LogsKeep a log of which employees and board members are authorized to access which keys and when. Be sure to update this record and collect any unreturned keys when an employee leaves or when new board members are elected.
In case you need to investigate a possible issue with key abuse, ensure you have a way to pull reports on demand. Using an
electronic key control system to create an electronic log minimizes the possibility for human error and manipulation.
Implement the Right System From the Right PartnerTo secure keys, implement a patented key control system (a recommendation that’s supported by the ALOA). If you use electronic locks and use preprogrammed access fobs or proximity cards, consider using an electronic key control system to restrict access to those tokens. Just be sure to
choose your key control partner carefully — one of homeowners’
top complaints about associations is when management chooses low-quality or unethical vendors.
Train Employees and Board MembersImplement
periodic key control training for employees and board members. This ensures that those responsible for keys know what’s expected of them and are aware of the consequences for failing to follow your key control procedures.
Without taking the right precautions, your master keys could be mastering you. By taking steps to secure keys and hold authorized users accountable, you can avoid costly security breaches and put homeowners’ minds at ease.