How do we feel about membership cards? I’ve been thinking about what to use to identify members, and there are all sorts of interesting ideas floating about, so let’s get them written down here.
edit I already changed my mind on this bit My inclination is to make the membership card separate from the door-entry system, for a couple of reasons:
An RFID tag seems to be hard to print on easily
An RFID tag stuck on the back of a card might look sucky
I suspect that we won’t want every new member to immediately get 24/7 carded access.
So I’m thinking that we have a traditional business-card sized card for every member, that has a year, their name and membership number on it. We can easily produce those ourselves just with business-card sheets and a normal printer, and maybe even laminate them for prettyness and resilience.
Alternatively (or additionally), instead of a separate entry-card perhaps extend it a bit, and have each laminated card consist of two layers of card, with an RFID sticker hidden between them. Once laminated it’s hidden, and we don’t have to “enrol” that card in the door system until we want to. That would mean we could still use the tag if we wanted to use them for tracking anything else we do.
Try to remember the key requirements:
easy to produce - we’ll need to create these as members join, and probably annually to track ‘current’ members.
moderately cheap - for the same reasons as #1. (Cursory search on Amazon puts the price of a (card+nfc+card)+lamination at about £1)
I was thinking of something like this (front and back):
 for example, SoMakeIt require new members to be “vouched for” by a couple of other existing “access-granted” members before they get it. Basically stops someone signing up on a Friday evening, then coming in at 5am on Saturday and wrecking the place because they don’t know the rules.
 This is useful for places like Maplin, that have offered members a 10% discount - we need to be able to prove we’re still a member.
The advantage of incorporating the RFID in the card is that if anyone is challenged on their access to the building and/or room by a non SHM member then they will always have their membership card with them as it is their method of access to provide a genuine reason with proof. Having separate membership card & access token means it is possible to forgot the membership card and this might then be a cause of concern by other building users if they enquire why someone is in the building.
I’d suggest doing what I’ve seen done for office security.
Each member gets the door swipe card, AND a membership card of the same form factor. Each person is then issued with a work-style card holder that both slot into, so to ID yourself you just flip that round to show the printed one.
Lanyard or clip-on type, depending on what people like.
I think I’d probably go for a single piece ID. Here are a few of the things I considered
Members will need to carry a human readable membership ID at the Boileroom. If this is the same as the RFID then we can limit issues of members not carrying their ID.
Loss / Theft of RFID part:
With single step authentication if the RFID says who we are on it then we are exposed to a higher risk of unauthorised access.
Cloning ID, fake pass etc. Only so much we can do. Don’t make human readable ID design public!
Mixed up ID:
If using a a separate RFID for example in Laser cutter could they get mixed up?
Members will still need to carry Human readable membership ID whatever the RFID solution is.
I think pre-made (usually) PVC cards might be a better way to go than laminated ones, but only if we can find a way to print them affordably and easily (which looks challenging). Ultimately it isn’t something that has to be perfect first time, we can always issue new cards if we find a better way to do it.
Loss of the RFID is a good point, although we’ll be able to cancel the ID as soon as we hear about it. I’m not sure separate id/fob would fix that, because people will keep them together. I guess a card in a wallet and fob on a keyring sort of reduces the chance of losing a fob with the information about where it’s for.
I suppose, if the membership card doesn’t mention on it anywhere that it is an RFID entry token, it’s less likely that someone finds it, looks us up, hopes we have an RFID system, and then heads over to the BR just to see if this is a card for it.
There is little that be done regards this, however by not mentioning that it has an RFID is some mitigation, though a savvy person could just assume that it is and using a phone app could confirm this and even clone it.
For reference my company ID has my name, photo, personnel-id & company name on it, so if I lose it then amongst other things it could be used to gain access to at least 2 to the company offices, though I actually work at another location so determining the office could be tricky, seeing as they are 50 miles apart by road.
The chance of this being an issue is small and if there was a camera that can capture high quality images (and storing them off site) positioned covering the door inside the room then at least we would have evidence of any intruder.