Lifehacker caused a bit of a stir by posting a link to Shloosl, a service that will mail you a copy of your key in exchange for a pair of digital photos of it and $5. Then they claimed the key worked better than a hardware-store copy, which really set some commenters off.
Is it bad security? And how does it work?
Keys are actually standardized. When you buy a lock, there’s a code on the back that you can use to buy like-keyed locks. But that code is also enough information for a locksmith to make a key. The code is just the measurements of the key.
What Shloosl is probably doing is taking the photographs, sizing them, fixing perspective, measuring the key, then rounding up to the nearest standardized setting to compensate for wear. So can it work better than a copy of a worn-out key from the local hardware store? Probably.
So, just how bad of an idea is it to mail-order a copy of your housekey?
If the mail were intercepted, and the interceptor knew what Shloosl was, that could be a problem. But then again, I know at least two people who could pick my lock more easily than they could intercept the mail. For that matter, someone could just drill the door into your basement with a cordless drill and be inside in less than a minute, too. And that’s no big secret–I learned it from watching an investigative news program on locksmiths. That’s actually what some shady fly-by-night locksmiths do when you call them–drill your lock, take your $100, and disappear into the night.
Keeping a determined attacker out of your house is likely to cost more than you really want to spend anyway. A coworker recently replaced his locks, and brought his new, ANSI Grade 3 (commercial quality) locks in to work for a hobbyist locksmith we work with to go crazy admiring. Indeed, they were awesome, and he spent 15 minutes telling anyone who would listen why, but then he spent five minutes telling anyone who would listen how they could still be defeated.
So while I’ll just take my chances with keys made at the local hardware store, the idea of Shloosl doesn’t actually bother me all that much. If they mail the key in a discreet package and don’t store your information, the risk is negligible. Even if they don’t do it right, your local hardware store is the bigger security risk, since they sell everything that someone would need to break into any house in my neighborhood.
My locks are only one part of my home defense. It’s my dog, my neighbors, and the presence of two police departments three minutes away a would-be intruder need to worry about. How long it would take to get past my locks is the easy part. Sneaking past my neighbors who notice everything? That’s the hard part.