When it comes to installing your Access Control system, you know by now that a proximity-based Access Control solution is easier to sell and a lot easier to manage.

But when your client wanted a low-fuss, low management solution but the tokens keep getting lost, residents move away and you have to keep sending off tokens to continually update the access permissions, what happens?

A lack of building security resulting in an unhappy client, and worried residents.

So what’s the fix? If you’re curious as to why physical tokens have suddenly become an ineffective way to manage your Access Control system. Read on.

Plus, we’ll tell you how you can avoid facing this problem in future.


Token technology was developed 40 years ago, and immediately saw heavy adoption in the Access Control industry. Physical tokens have been such a staple of the Access Control industry that they are still heavily used today – so why have they suddenly become ineffective?

Well… it’s not a sudden change, they’ve always been ineffective.

New technological advancements such as Bluetooth Access Control have shone a light on the pitfalls associated with physical tokens, pitfalls that everyone has previously ignored for 40 years due to a lack of a better alternative.

So what exactly are these pitfalls we’re talking about?

Physical tokens can be easily stolen and cloned.

A simple search on eBay resulted in numerous listings, all offering NFC cloning devices. There are even some websites that offer token cloning services for less than a tank of petrol – see the image below for an example of this…

Whilst the technology inside the tokens has improved over their 40 years of use to make them more secure (125khz – 13.56MHz Mifare – AES 128 Bit), hackers are always finding new ways to clone physical tokens, meaning that if your installation uses tokens that use basic forms of token encryption, then your installation is at risk.

Another security risk of token based Access Control systems is that there is a significant time delay when sending off replacement tokens for new/existing residents.

According to a number of security experts within the Access Control industry, most building management companies/housing associations still have a large number of tokens in circulation that belong to past residents – this delay in updating the access permissions, or worse still not updating them at all, results in a huge security breach, as disgruntled residents can access the building when they want to.

Physical tokens are difficult and expensive to manage, as residents are continuously losing or misplacing them.

Your engineers then have to program these tokens, and send them off in the post directly to the resident. This wastes an engineers’ precious time on a menial task, whilst the resident has to wait 2-3 days for their token to arrive. So, the simple mistake of losing a token can waste a minimum of half a week’s worth of time for you and the resident.

Clients have been attempting to reduce the amount of high-touch surfaces, and contact points within their buildings to protect both residents and visitors.

This switch to contact-less Access Control has only been accelerated in the COVID-19 pandemic; where in a lot of cases, buildings must implement COVID safe practices. As such, there is a newly created demand for mobile access tokens which are stored on a resident’s smart phone.

Physical tokens do not allow for contact-less entry, as whilst the tokens do work based on proximity to the reader, the majority of residents and visitors will always touch the token to the reader – causing an unnecessary transfer of bacteria between the reader, the tokens and the person entering the building.

In the midst of a global pandemic, developers, clients and installers alike are recognising the potential danger of continuing to use physical tokens to manage their Access Control systems.

However, Access Control can be used to help combat the spread of bacteria and viruses, which we cover in depth below.

Hygiene Considerations

The use of Bluetooth mobile credentials has seen significant growth over the past few years, with 26% of all end users now offering mobile credentials in 2020, this is up from less than 5% in 2018.

These figures show that Bluetooth mobile credentials have experienced 520% year on year growth in the past 2 years; by 2023 it is predicted that 120 million mobile credentials will have been downloaded by end-users globally.

In the UK, we are also seeing high adoption rates of Bluetooth Access Credentials on smartphones, pushed primarily by high adoption rates from office and hotel buildings, but it is now being more commonly adopted for residential applications.

Bluetooth Technology Adoption

(UK Access Control Industry)




Gartner, a global leader in technological research, predicts that adoption of Bluetooth access technology in the UK Access Control market will be significantly higher at the end of 2020, and adoption levels will continue to grow strongly for the next few years.

Ok, so Bluetooth technology looks like it’s beginning to surge in the industry, but why should you care?

  • ‘It’s new technology so is it tested?’

  • ‘Is it Secure?’

  • ‘Is it expensive?’

All of these are valid concerns, but Bluetooth technology does seem to have an advantage compared to physical access tokens… we’ll discuss these benefits, and the apparent drawbacks in the section below.

Bluetooth Low Energy Access Control is simply an updated version of Bluetooth Access Control. Specifically, Bluetooth Low Energy (BLE) can also be referred to as Bluetooth 4.0, which was released in 2011.

Bluetooth Low Energy technology is ideal for devices that do not need to exchange a lot of data (e.g. a mobile credential), whereas Bluetooth technology is better suited to devices that need to exchange larger amounts of data frequently.

The key difference between the 2 is that Bluetooth Low Energy uses significantly less power, meaning that when used on a smartphone, it doesn’t drain the battery.

Unlike conventional Bluetooth, BLE remains in sleep mode until a connection is made. Meaning that unless the user is near a reader attempting to gain access to the building, the connection remains in sleep mode – helping to preserve the battery further.

So for managing a user’s mobile credential on their smartphone, it seems like Bluetooth Low Energy is the better choice.

But what are the benefits and drawbacks of switching to Bluetooth Credentials to manage your Access Control system? We discuss this in depth below…

Bluetooth Low Energy (BLE) Access Control Benefits & Drawbacks

Bluetooth Low Energy technology is clearly beginning to catch on in the UK Access Control industry, 46% of all security installers say that Bluetooth Low Energy technology is better than NFC technology.

This figure alone shows that a significant proportion of security installers feel that Bluetooth Low Energy technology is the best way to manage your Access Control system, so surely it must have some benefits? We take a closer look at these below…


Using a smartphone to store the Bluetooth mobile credentials makes the building more secure in the following ways:

  1. Smartphones, in comparison to tokens, are rarely lost. Therefore reducing the possibility of a person finding the misplaced phone, and then potentially having access to the building.
  2. If the smartphone was lost/stolen, whoever found the phone would NOT automatically have access to the building, as would be the case with physical tokens. This is because the Bluetooth connection, which grants access to the building, is not activated in long-range mode until the phone is unlocked. Therefore, if the phone cannot be unlocked, long-range access cannot be granted.

Bluetooth credentials are easier to manage for both the building manager and the installer, as all management can be conducted remotely.

This means that should a smartphone be lost, or the credential need updating, the building manager can immediately revoke and/or allocate access where appropriate. This saves cost and time for both the client and the installer, as an Access Control engineer does not need to program and send the new/updated tokens in the post direct to the resident – as this can all be done remotely by the building manager.

Bluetooth tokens are more convenient for the residents for a number of reasons, these being:

  1. 60% of installers agree that using a mobile phone, instead of a separate access card is more convenient for the end-user.
  2. There is no need to remember a pin/passcode as the smartphone’s proximity to the reader will grant access to the building, with the smartphone acting as a unique resident identifier.
  3. There is no additional hardware required by the resident or the installer. As long as the resident has a smartphone, then they can utilise Bluetooth credentials. This shouldn’t be a problem considering the amount of people who own a smartphone in the UK

NOTE: The 16% of people who do not have a Smartphone are aged 64+, this figure rises to 97% when considering the age groups 16-55.

Bluetooth Low Energy Access allows for a significant increase in read range, without compromising security.

  1. The resident can still utilise proximity access up to a range of 20cm without action on the App or Smartphone.
  2. Bluetooth Low Energy Access allows for long-range access from up to 15 metres, so the resident can have the door open by the time they have walked to the building. This method of entry does usually require action on the App, such as pressing a button, to prevent the door being opened unintentionally.

Now more than ever, high hygiene standards are an essential criteria for safe working practices.

The use of virtual access credentials can help to improve the hygiene of the building in 2 key ways:

  1. Residents/employees will no longer have to carry around a token that is pressed on a reader that is used by 100’s of other people per day. Simply presenting their phone near the reader, as opposed to on the reader, eliminates this contact point.
  2. Access Control systems can be used to track who has entered the building and at what time. Upon entering the building, a notification can be sent to the smartphone reminding the user to sanitise their hands before entry.

Ok, so Bluetooth Low Energy Access Control clearly has some good benefits to consider, but surely it has some down sides, right?

Well in a word, yes. We delve into these below…


How can security be both a benefit and a drawback?

A fair question; whilst overall Bluetooth Low Energy technology is very secure due to the reasons already discussed, there are still security concerns such as if the Smartphone was stolen.

The person who found the phone can still enter the building using short-range proximity access, as this does not require the phone to be unlocked. This is same security concern that is associated with physical tokens.

As Bluetooth technology is still relatively new to the UK Access Control industry, the cost of Bluetooth enabled readers is more than the standard proximity reader,
resulting in a higher equipment costs. Therefore, Bluetooth Low Energy Access Control is not financially feasible for every project, especially if your budget for a project is low.

So, to summarise. There are more benefits to Bluetooth Access Credentials than there are drawbacks. But, before you look to propose Bluetooth Access Credentials for one of your sites, you’ll have a few questions, such as:

‘Who provides this solution?’

‘Where can I find out more?’

‘How is it installed and managed?’

Fortunately, Urmet have a solution, and it has been specifically designed to be easy to install and manage for the installer, building manager and end-user.

We’ve written an article, describing the Urmet Bluetooth Solution in detail, click the button below to read all about it!

Take me to the Urmet Bluetooth Solution