Exploring the Lockpicking Rabbit Hole

I’ve been picking locks since high school. For me, lockpicking has never been a nefarious thing, in spite of the stigma surrounding it. This activity is about knowledge, dexterity, and skill.

If you’re looking to commit a crime, then a bolt cutter, crowbar, and hammer will likely be your most effective breaching devices.

The benefits of lockpicking

We live in a world of locks and most of them offer very little protection… and most people don’t even know it.

When it comes to security, physical or digital, I think that the best way to defend oneself is through understanding.

Plus, the mechanisms are really cool and I enjoy developing finesse skills.

Ethics, common sense, & the law

One more thing before we get into specifics: There are a few ethical and common sense rules that all lock pickers should follow, regardless of skill level:

  1. Don’t pick a lock unless you own it or have permission to pick it.
  2. Don’t pick a lock that you need to rely on.
  3. Be aware of the laws in the countries, states, counties, and municipalities that you visit. Most places in the US are lockpicking-friendly, but a few are not (especially Tennessee).

In short, don’t be a criminal and don’t be an idiot.

A bonus rule for escape room players so that our readers who also own escape rooms don’t mail me a bomb: Don’t bring a damn lockpick kit into an escape room. That is not the point of the escape room… and that’s not the point of this post.

How pin & tumbler locks work

While not succinct, this video provides a thorough explanation of how your typical pin & tumbler lock operates.

A good starter lockpick kit

There are a ton of junk lockpick kits on the market. Any lockpicks that you find on Amazon are crap.

If you want to dabble in lockpicking, here are the tools you’ll need to start out:

North American locks generally have a wider, more open keyway than European locks, so you can get into them with thicker picks. This is great for pickers because the heftier metal is less likely to break (although they will eventually).

I recommend North American newbies pick up the Kick Start from Sparrows.

This comes with a triple peak (for raking), a city rake (for rocking), and a pair of hooks (for single pin picking). That’s enough to get anyone started. If you’re looking to drop a little more money, you may want to add on a worm rake and a classic snake rake as raking is the first skill you’ll want to learn.

If you’re a European, you’ll need thinner picks to maneuver in tighter keyways. I recommend that you explore lockpicking on American locks first because it simplifies some of the early skill-building.

How would I go about using this stuff?

LockLab’s “Bosnian Bill” is lockpicking’s YouTube star.  If you think I’m being facetious, he has over 338,000 subscribers and more than 96,400,000 views on his more than 1,100 videos.

Bill is an incredibly talented picker, but his real superpower is explaining stuff in an effortlessly engaging and entertaining way. Most of what I know about picking I’ve learned from his videos… Lisa will confirm… I watch them daily on 1.25 speed.

Bill has an old, slightly politically incorrect video that walks you through all of the standard lockpicking attacks for a typical pin & tumbler lock. These are the basics:

A few locks to learn on

Some of the most common locks are also among the easiest to learn lockpicking on. This may shock some of you, but beginners can open the following locks with minimal training:

Master Lock 141D

Also known as the escape room locker lock (because they are cheap and look official), the 141D is fun to learn on because it’s a trivial pick. “But don’t worry, your phone is secured.”

Master Lock No. 1, 3, & 5

This exceptionally common lock comes in a few sizes and all of them use the same core (locking mechanism) in different sized bodies (except for the itty bitty Master Lock No. 7, which uses an even smaller, junkier core, but it’s a harder pick because it’s tough to maneuver in it).

I recommend the Master Lock No. 3 because it’s affordable and comfortable to hold.

If you get serious, you should buy a bunch of locks that all look the same but are pinned differently, so that you can rotate through them and really learn how to manipulate the lock (rather than memorize how to open one particular lock). This is a tip that I’m borrowing from The Lockpicking Lawyer.

I do want to make sure that this is clear: these locks offer little to no security. While these Master Locks are incredibly common, that does not make them strong. If there’s interest, I’ll do a follow-up on more serious locks.

Resources for diving down the rabbit hole

For additional information, I have three go-to sources:

Password Management For Escape Room Companies & Individuals

Information security and operational security are issues near and dear to my heart.

When I am not escaping rooms, I do digital strategy and user experience work for large web applications. I have designed some life or death systems.

Whether you’re dealing with a major organization’s mission critical software or an individual on the internet, basic password security is important.

Passwords & escape room companies

At the Chicago Room Escape Conference, Dave Ferrier of Trapped PHL gave a talk on the “nuts and bolts” of running an escape room. He dropped a ton of knowledge on the audience in a very informative talk.

One issue he raised, which I hadn’t even contemplated, was the volume of usernames and passwords that a room escape company needs to operate the business:

  • Email
  • Facebook
  • Twitter
  • Instagram
  • Pinterest
  • Website administration
  • Ticketing system
  • Groupon / LivingSocial / other marketing platforms
  • Payroll system

Among many others.

He recommended that companies maintain a Google Doc with all of their accounts, usernames, and passwords.

I loved his talk and his point was well taken… but the recommendation to use Google Docs broke my heart. I don’t blame him; account security isn’t common knowledge. I regularly have to teach people who should know better about this stuff.

Storing account credentials unencrypted is never safe.

Why password security matters

“Hacking” isn’t generally what Hollywood portrays: the nerdy guy or the tattooed punkish sexy geek girl clacking away on a computer in a monitor-lit room, then saying “I’m in!”

Yeah, that shit is fake.

The easy way to do real damage and make money is through social engineering and exploiting leaked password data. This requires no technical skill and no code.

Here’s how it works:

Some asshat wants to seize an account and do some bad stuff (make fraudulent purchases, add a computer to a botnet, steal naked selfies, whatever…). All this nefarious putz needs to do is get their hands on one good username and password combination and they can generally own all of their victim’s systems.

Why? The tragic magic of password reuse.

Far too many people reuse passwords. When a major password leak happens — and they happen all of the time — these criminals can grab username/password combinations and try them in other accounts. This works because the username/password that many users use in Dropbox is the same as their Amazon or Gmail credentials.

As soon as a set of credentials works on an email account, the whole ballgame is over. They can reset passwords on your other accounts because password resets filter through email.
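
A reuse audit over the kind of account inventory described above, as an added example that is not part of the original post: it groups accounts that share a password and marks a group critical when it includes the email account, since password resets go through email. The inventory, the function names, and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Constructed sample inventory (service, username, password); not real credentials.
ACCOUNTS = [
    ("Email", "owner@example.com", "Escape2016!"),
    ("Facebook", "owner@example.com", "Escape2016!"),
    ("Ticketing system", "owner@example.com", "Escape2016!"),
    ("Payroll system", "owner@example.com", "k7#Vq9$wLp2@xT4m"),
    ("Twitter", "example_rooms", "puzzles123"),
    ("Instagram", "example_rooms", "puzzles123"),
]

def fingerprint(password, key):
    """Keyed digest used as the grouping key, so findings never carry a password."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]

def audit_reuse(accounts, reset_hub="Email"):
    """Return (severity, services) for every shared password, most serious first.

    A group is critical when it includes the reset hub: one leaked password
    then opens the mailbox that the other accounts' password resets go through.
    """
    key = secrets.token_bytes(32)  # per-run key; fingerprints differ between runs
    groups = defaultdict(list)
    for service, _user, password in accounts:
        groups[fingerprint(password, key)].append(service)
    findings = []
    for services in groups.values():
        if len(services) > 1:
            severity = "critical" if reset_hub in services else "high"
            findings.append((severity, sorted(services)))
    return sorted(findings)  # "critical" sorts before "high"

def fresh_password(length=24):
    """Random replacement drawn from letters, digits and symbols."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for severity, services in audit_reuse(ACCOUNTS):
        print(f"{severity}: one password shared by {', '.join(services)}")
        print(f"  give each its own value, for example {fresh_password()}")
```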

How to properly handle password security

First, stop reusing passwords. Every account you own should have a unique password.

But how are you supposed to remember all of this? Easy. You don’t.

Get yourself a password management system. I recommend:

These are systems that will generate large, random, alphanumeric, symboled passwords… and store them for you. As LastPass & 1Password’s names imply, you only need to remember one password to gain access to the system.

These things will allow you to:

  • greatly diminish the risks of password reuse
  • store your passwords in an encrypted format
  • privately share passwords with people who need access
  • allow easy access on desktop and mobile

They offer a lot of additional benefits. I use LastPass and 1Password (work and personal), and they are the best investment I’ve made in paid software (something like $12 a year).

LifeHacker has a great writeup of password management software. They also offer a superb starter’s guide for LastPass.

It’s really important that your password for your password management software is really good.

Please, take the time to handle your passwords properly.

Practice safe computing.