In short, don’t be a criminal and don’t be an idiot.
A bonus rule for escape room players so that our readers who also own escape rooms don’t mail me a bomb: Don’t bring a damn lockpick kit into an escape room. That is not the point of the escape room… and that’s not the point of this post.
How pin & tumbler locks work
While not succinct, this video provides a thorough explanation of how your typical pin & tumbler lock operates.
A good starter lockpick kit
There are a ton of junk lockpick kits on the market. Any lockpicks that you find on Amazon are crap.
If you want to dabble in lockpicking, here are the tools you’ll need to start out:
North American locks generally have a wider, more open keyway than European locks, so you can get into them with thicker picks. This is great for pickers because the heftier metal is less likely to break (although the picks will break eventually).
I recommend North American newbies pick up the Kick Start from Sparrows.
This comes with a triple peak (for raking), a city rake (for rocking), and a pair of hooks (for single pin picking). That’s enough to get anyone started. If you’re looking to drop a little more money, you may want to add on a worm rake and a classic snake rake as raking is the first skill you’ll want to learn.
If you’re a European, you’ll need thinner picks to maneuver in tighter keyways. I recommend that you explore lockpicking on American locks first because it simplifies some of the early skill-building.
Bill is an incredibly talented picker, but his real superpower is explaining stuff in an effortlessly engaging and entertaining way. Most of what I know about picking I’ve learned from his videos… Lisa will confirm… I watch them daily on 1.25 speed.
Bill has an old, slightly politically incorrect video that walks you through all of the standard lockpicking attacks for a typical pin & tumbler lock. These are the basics:
A few locks to learn on
Some of the most common locks are also among the easiest to learn lockpicking on. This may shock some of you, but the following locks can be opened by beginners with minimal training:
This exceptionally common lock comes in a few sizes and all of them use the same core (locking mechanism) in different sized bodies (except for the itty bitty Masterlock No.7, which uses an even smaller, junkier core, but it’s a harder pick because it’s tough to maneuver in it).
I recommend the Masterlock No.3 because it’s affordable and comfortable to hold.
If you get serious, you should buy a bunch of locks that all look the same but are pinned differently, so that you can rotate through them and really learn how to manipulate the lock (rather than memorize how to open one particular lock). This is a tip that I’m borrowing from The Lockpicking Lawyer.
I do want to make sure that this is clear: these locks offer little to no security. While these Masterlocks are incredibly common, that does not make them strong. If there’s interest, I’ll do a follow-up on more serious locks.
Resources for diving down the rabbit hole
For additional information, I have three go-to sources:
Bill’s website LockLab, which has tons of tutorial information
The LockPicking Lawyer’s near daily videos which I watch on 1.5 speed because he is probably a trial lawyer who has been trained to slowly articulate every word he speaks… which he does magnificently, but I have stuff to do.
Information security and operational security are issues near and dear to my heart.
When I am not escaping rooms, I do digital strategy and user experience work for large web applications. I have designed some life or death systems.
Whether you’re dealing with a major organization’s mission critical software or an individual on the internet, basic password security is important.
Passwords & escape room companies
At the Chicago Room Escape Conference, Dave Ferrier of Trapped PHL gave a talk on the “nuts and bolts” of running an escape room. He dropped a ton of knowledge on the audience in a very informative talk.
One issue he raised, which I hadn’t even contemplated, was the volume of usernames and passwords that a room escape company needs to operate the business:
Groupon / Livingsocial / other marketing platforms
Among many others.
He recommended that companies maintain a Google Doc with all of their accounts, usernames, and passwords.
I loved his talk and his point was well taken… but the recommendation to use Google Docs broke my heart. I don’t blame him; account security isn’t common knowledge. I regularly have to teach people who should know better about this stuff.
Storing account credentials unencrypted is never safe.
Why password security matters
“Hacking” isn’t generally what Hollywood portrays: the nerdy guy or the tattooed punkish sexy geek girl clacking away on a computer in a monitor-lit room, then saying “I’m in!”
Yeah, that shit is fake.
The easy way to do real damage and make money is through social engineering and exploiting leaked password data. This requires no technical skill and no code.
Here’s how it works:
Some asshat wants to seize an account and do some bad stuff (make fraudulent purchases, add a computer to a botnet, steal naked selfies, whatever…). All this nefarious putz needs to do is get their hands on one good username and password combination and they can generally own all of their victim’s systems.
Why? The tragic magic of password reuse.
Far too many people reuse passwords. When a major password leak happens — and they happen all of the time — these criminals can grab username/password combinations and try them in other accounts. This works because the username/password that many users use in Dropbox is the same as their Amazon or Gmail credentials.
As soon as a set of credentials works on an email account, the whole ballgame is over. They can reset passwords on your other accounts because password resets filter through email.
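To make that chain concrete, here is an added example (not from the original post) that audits a small account inventory for reuse and works out how far a single leaked password reaches once email resets are taken into account. The account names other than Groupon, the passwords and the recovery links are all constructed for illustration, and `secrets.token_urlsafe` stands in for whatever a password manager would generate.

```python
import secrets
from collections import defaultdict

# Constructed inventory (not real accounts): name -> (password, recovery mailbox).
# "email" is the mailbox that password resets for the other accounts go to.
INVENTORY = {
    "email":    ("Escape2016!", None),
    "booking":  ("Escape2016!", "email"),
    "groupon":  ("Escape2016!", "email"),
    "payments": ("x9$Lr2#qVm8@", "email"),
    "door-cam": ("k7!Tz4&pWd1^", None),
}

def reused_passwords(inventory):
    """Group accounts by password; return only the groups with more than one account."""
    groups = defaultdict(set)
    for name, (password, _) in inventory.items():
        groups[password].add(name)
    return [sorted(g) for g in groups.values() if len(g) > 1]

def blast_radius(inventory, leaked):
    """Accounts exposed when the password of `leaked` shows up in a breach dump."""
    leaked_pw = inventory[leaked][0]
    # Step 1: every account sharing the leaked password falls directly.
    exposed = {n for n, (pw, _) in inventory.items() if pw == leaked_pw}
    # Step 2: a taken-over mailbox can reset every account that recovers through it.
    changed = True
    while changed:
        changed = False
        for name, (_, recovery) in inventory.items():
            if recovery in exposed and name not in exposed:
                exposed.add(name)
                changed = True
    return sorted(exposed)

def with_unique_passwords(inventory):
    """Same accounts, each password replaced by a fresh random one (assumed generator)."""
    return {n: (secrets.token_urlsafe(24), rec) for n, (_, rec) in inventory.items()}

if __name__ == "__main__":
    print("reused:", reused_passwords(INVENTORY))
    print("groupon leak, reused passwords:", blast_radius(INVENTORY, "groupon"))
    print("groupon leak, unique passwords:",
          blast_radius(with_unique_passwords(INVENTORY), "groupon"))
```

Note that the payments account has its own strong password and still falls, because its resets go to a mailbox that shares the leaked one.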
How to properly handle password security
First, stop reusing passwords. Every account you own should have a unique password.
But how are you supposed to remember all of this? Easy. You don’t.
Get yourself a password management system. I recommend:
These are systems that will generate large, random, alphanumeric, symboled passwords… and store them for you. As LastPass & 1Password’s names imply, you only need to remember one password to gain access to the system.
These things will allow you to:
greatly diminish the risks of password reuse
store your passwords in an encrypted format
privately share passwords with people who need access
get easy access on desktop and mobile
They offer a lot of additional benefits. I use LastPass and 1Password (work and personal), and they are the best investment I’ve made in paid software (something like $12 a year).