I’m preparing to teach lockpicking to my class of 20 students in my information security management course at CU Boulder as an object lesson on the importance of physical security. My colleague Tony Vance has done the same at BYU, so he shared with me how he approaches it. I’m documenting what I’ve done.
- Make lock stands out of wood. I used 2x4 cut to 11”, which I screwed onto some scrap 1x wood I had lying around. Screws need about 1” bite, more going into endgrain,
so I used 2” screws for the joint. (I’ll post a picture soon). 2x4’s are just baaarely wide enough to receive a doorknob jig like this,
but it doesn’t matter if the hole goes off the wood a bit. The deadbolt doesn’t rely on a perfectly in-tact hole for stability. (You don’t have to use a stand – you can just hold the deadbolt in the same hand applying the tension. But I think the stands are fun.)
- 1” hole saws, like the kind that come in knob jigs, are a bane of my existence. I had the hardest time getting them to release the wood plug. I much prefer using a 1” spade bit.
I bought a slew of Defiant single-cylinder deadbolts, $11 each. They use a KW1-keyway. Defiants are good for beginners, but that doesn’t mean they’re too easy for beginners. All Defaint deedbolts have at least once security pin (a spool) in position #3. But even with those, I picked my first lock within two days.
Since these deadbolts use a KW-1 keyway, they’re bumpable with these bump keys, which I also bought several of. These deadbolts aren’t expensive enough to have any kind of anti-bumping pins, so they’re super bumpable. For bump hammers, I just bought a bunch of <$1 screwdrivers from HD. They work well enough. I strike with the handle.
For lock picks, I ordered several sets of Southord “Eleven Piece Lock Pick Set With Metal Handles”. This set also looks nice, and they’re a little cheaper, but I haven’t tried them.
- My first read was Deviant Ollam’s Practical Lock Picking: A Physical Penetration Tester’s Training Guide, which got me started. I struggled my first day though – probably because I didn’t read far enough into it to learn about security pins. Reading Lock Picking: Detail Overkill, which I found on the /r/lockping wiki, helped me get a better feel for the right amount of tension to apply, and also for how to deal with the spool security pin. Also, by the second day, I had a better feel for how to hold the pick and tension wrench. I think sleeping on it helped. I’ve been practicing at the office for 2-minute breaks, and it’s feeling even more natural.
The single lock picking stand on my desk right is very interesting to anyone who visits my office. I haven’t taught that class yet, but the students are excited. My neighbor isn’t so excited (“Hi Dave, what’s new?” “Just picked my first lock!” “… so my neighbor is a criminal…” “I’m also going to teach it to 20 college students, making them all criminals, too.” “… oh, that’s… good.”)
David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. He earned his Ph.D. degree in Information Systems from the University of Pittsburgh. His research interests include human-computer interaction and information security. He has coauthored several articles in these areas using neurophysiological and other methodologies in outlets such as the Journal of the Association for Information Systems, the European Journal of Information Systems, the International Conference on Information Systems, and the Hawaii International Conference on System Sciences), along with the Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI). More about the author →