I went to visit my sister in Southern California, and she asked me to get a spare house key made so I’d have one to use during my visit. I took her key and drove to the nearest hardware store, which happened to be Home Depot. If I had done it here in Sebastopol, I would have gone to Sebastopol Ace Hardware, and one of the nice people who patrol the aisles would take me over to the key center, pick out an appropriate blank based on the existing key (in this case, a Kwikset lock), clamp the original and the blank into a glorified grinder, and grind the blank into a copy by following the pattern of the existing key.
At the Home Depot, they also have a have a “key center.” But unlike Sebastopol hardware, Home Depot offers a high-tech key duplication system called KeyHero (www.mykeyhero.com). KeyHero—and its associated KeyKrafter machine—is a joint venture between The Hillman Group, a long-time producer of key blanks and key duplication machines, and UniKey, a tech startup seeking to replace your physical keys with your smartphone. UniKey provides an interesting twist to the mundane process of getting a spare key made.
As far as getting the spare made, the first step is to find an “associate” to help you. (Finding said associate is one of the big downsides of patronizing a big box hardware store). Once you track one down, the associate takes your key, enters a code on the touch screen to unlock the system, and places your key into a slot in the machine. The system scans your key and tells the operator which key blank is needed. Once inserted, the system grinds the blank into a new key, much as a human operator would. So far, not much different than the experience in Sebastopol.
At this point, however, you’re given the option to store the information used to create the new key “in the cloud” using secure—they say—technology from UniKey that employs “military grade” encryption. By using an associated KeyHero app on your smartphone, your key can now be replicated at any Home Depot location by you, or someone you authorize. In theory, you can never “lose” the key. As the KeyHero website touts, “Say goodbye to lockouts.”
Keys in the cloud
Because I write about technology and don’t worry too much about security, I gave the KeyKrafter machine my mobile phone number, and downloaded the KeyHero app for my phone. To use the app, you have to create an account, supplying your name, email, and a password of at least 8 characters, containing a number. You receive a text when your digital copy is ready, and clicking a link in the text adds it to your account. Once you’ve done that, you can cut a new copy of the key (you must be at a KeyHero machine, i.e. Home Depot), or share the key by providing the phone or email of the person you want to share with. They will go through the same process of having to get the app and create an account in order to access the shared key.
I asked the Home Depot associate who assisted me whether many people saved their keys in the cloud, and he told me that not many did. This isn’t terribly surprising to me: people are concerned about their privacy and security. UniKey makes a big point of the fact that the app doesn’t ask for anything more than your email and name, and that the app requires a password every time you use it. When you make a new key using the digital copy, you must open the app with the password, and enter a temporary PIN code provided by the machine to allow the data to be sent to the machine and new key to be cut.
It all sounds pretty secure. You have to have your phone, you have to know the password to access the app, and you have to enter a code provided by the machine to create a new key. The app doesn’t know where you live (or anything about you other than your name and email), so it would be hard to work backward from the (encrypted) key to the lock that it opens. As noted security expert Bruce Schneier said, “I’m not saying that you shouldn’t use this [new thing], only that you understand that new technology brings new security risks, and electronic technology brings new kinds of security risks.” It’s good advice.
The problem for most consumers, though, is that at first glance KeyHero seems like “I put my front door key on the Internet.” Given the ongoing bad news about security breaches, most people are going to opt to keep their keys in their pocket and not in the cloud.
