How RFID Keyfobs Work For Access Control?
Dec 09, 2025
Leave a message
How RFID Keyfobs Work for Access Control?
Direct from the factory floor, written for access control buyers and system integrators
We have been manufacturing RFID keyfobs since 2006. More than the plastic shape, color, or logo, what matters in an access control project is whether the chip, antenna, frequency, data format, and reader configuration match the door system already installed on site.
An RFID keyfob works by using the radio field from a nearby access reader to power a small passive chip inside the fob. The chip sends back an identifier or encrypted credential, the reader forwards that data to the access controller, and the controller unlocks the door only if the credential is valid for that door, user, and time schedule.
That is why custom RFID keyfobs for door access systems should be selected by system compatibility first, and by shell design second. A beautiful keyfob with the wrong chip or wrong facility code will not open anything.
What Happens When an RFID Keyfob Opens a Door?
A passive RFID keyfob for door access control does not contain a battery and does not unlock the door by itself. The decision is made by the access controller or management software. The fob is only the credential carrier.
- The reader creates a low-frequency or high-frequency electromagnetic field around the door reader area.
- When the keyfob enters that field, the antenna coil inside the fob collects enough energy to wake the chip.
- The chip answers according to its protocol, such as EM4200, T5577, MIFARE Classic, MIFARE DESFire, NTAG, or another supported technology.
- The reader passes the credential number, facility code, sector data, or encrypted response to the controller.
- The controller checks the database. If the credential is active and allowed at that door, the relay releases the electric lock.
For most door-entry keyfob projects, this whole RFID door entry keyfob workflow happens in less than a second. If the fob reads slowly, the cause is usually not the plastic shell alone; it may be reader output, antenna tuning, metal keyring interference, poor chip quality, or a data format mismatch.
Frequency and Protocol Landscape for Access Control Keyfobs
LF 125 kHz
Common in legacy proximity systems. Typical chips include EM4100, EM4200, TK4100, EM4305, T5577, HITAG, and HID Prox-compatible formats. Best for replacement projects where the existing reader already supports 125 kHz.
HF 13.56 MHz
Used for smart-card access systems. Common options include MIFARE Classic 1K/4K, MIFARE Plus, MIFARE DESFire EV1/EV2/EV3, Ultralight EV1/C, NTAG21x, ICODE SLIX, and iCLASS-type credentials.
Dual Frequency
A practical option for migration. A dual-frequency access control keyfob can carry LF for old readers and HF for upgraded doors, allowing the site to replace readers gradually without issuing two credentials.
For HF smart-card projects, the reader and credential may need to follow ISO 14443 Type A or Type B behavior. For example, the ISO/IEC 14443 contactless transmission protocol defines communication behavior for proximity cards and objects, while specific chips such as MIFARE DESFire add their own security and application structure on top.
If you are not sure which frequency to use, start with the reader model and existing card sample, not with the fob shape. We have a separate guide on choosing the right frequency for RFID keyfobs when the project includes legacy readers, new encrypted credentials, or mixed door hardware.
The inlay gets potted in clear epoxy, then inserted into injection-molded ABS, polycarbonate, epoxy, leather, or special custom shells. Ultrasonic welding or high-frequency sealing closes the shell. Final thickness is usually kept comfortable enough for daily keyring use, but the antenna area must still be large enough for stable reading.
The Four Parts of an RFID Access Control System
| Part | What it does | What to check before ordering keyfobs |
|---|---|---|
| RFID keyfob credential | Stores the ID number, facility code, sector data, or encrypted application used to identify a user. | Chip type, UID length, memory size, encoding format, printing, numbering, and whether the credential is read-only or writable. |
| Door reader | Creates the RF field, reads the fob, and sends credential data to the controller. | Frequency, supported chip protocols, output interface, and whether the reader accepts the selected card format. |
| Access controller | Compares the credential against the access database and decides whether entry is allowed. | Facility code, card number range, Wiegand/OSDP settings, user schedule, and permission group. |
| Electric lock or gate relay | Physically releases the door, turnstile, elevator floor, cabinet, or gate after authorization. | Fail-safe or fail-secure behavior, relay wiring, power supply, and site safety requirements. |
For a new installation, the reader and controller should be selected together. For replacement fobs, the safest path is to match the current reader and database settings. You can review our RFID access control reader and controller options if the project includes both credentials and door hardware.
125 kHz vs 13.56 MHz: Which Keyfob Should You Choose?
| Choice | Best use case | Main advantage | Main limitation |
|---|---|---|---|
| 125 kHz LF keyfob | Legacy apartment entry, simple office doors, old proximity readers | Low cost and broad compatibility with older systems | Usually static ID only; not ideal for security-sensitive sites |
| 13.56 MHz HF keyfob | New office access, hotel systems, campus credentials, membership systems | Supports smart-card memory, encryption, and read/write use cases | Must match reader protocol and application settings |
| DESFire or SEOS-type credential | Higher-security buildings, enterprise access, multi-application systems | Supports stronger authentication and controlled data structure | Higher chip cost and more configuration work |
| Dual-frequency keyfob | Phased migration from old LF readers to new HF readers | One fob can support two reader technologies | Requires careful encoding so both sides work as expected |
For access control, 125 kHz RFID keyfobs are mainly used in legacy proximity systems with short read range and static identifiers, while 13.56 MHz keyfobs are used for smart-card technologies such as MIFARE, DESFire, and NFC-compatible systems. New installations usually choose 13.56 MHz when encryption, read/write memory, or multi-application use is required.
Typical Factory Cost Drivers for RFID Keyfobs
RFID keyfob factory pricing is driven less by the outside shape and more by chip type, antenna design, encoding work, printing method, numbering method, certificate requirements, and order volume. The table below is a practical comparison for procurement planning, not a fixed quotation.
| Chip type | Typical MOQ | Common use | Cost level | Pre-programming notes |
|---|---|---|---|---|
| EM4200 / TK4100 | 500 pcs | Low-cost 125 kHz proximity access | Low | Usually printed or laser numbered by UID or decimal conversion |
| T5577 / EM4305 | 500 pcs | Writable LF replacement credentials | Low to medium | Encoding format must be confirmed before production |
| MIFARE Classic 1K | 500 pcs | HF access, membership, older smart-card systems | Medium | Sector keys and block data should be supplied if required |
| MIFARE DESFire EV2 / EV3 | 1,000 pcs | Encrypted access and multi-application systems | High | Application ID, key settings, file structure, and personalization rules must be defined |
| Dual-frequency LF + HF | 2,000 pcs | Reader migration and mixed building access | High | Both LF and HF sides should be tested against real readers before mass production |
For accurate pricing, send the target chip, quantity, shell model, logo method, numbering rule, encoding file, and sample reader information.
Security: UID Is Not the Same as Authorization
RFID keyfob security depends on the chip and protocol, not the plastic shape. A low-frequency fob that sends only a fixed ID is easier to duplicate than an encrypted high-frequency credential that uses mutual authentication, diversified keys, or secure applications such as MIFARE DESFire EV2/EV3.
For higher-security access projects, the buyer should ask whether the system reads only a UID, reads a formatted card number, or performs secure authentication with protected application data. The NXP MIFARE DESFire EV3 secure contactless IC is an example of a high-security HF chip family used when stronger authentication and controlled applications are required.
Older 125 kHz systems can still be acceptable for low-risk doors, storage rooms, membership check-in, or replacement-only jobs. For offices, schools, labs, apartment main entrances, and enterprise sites, we usually recommend planning a migration toward encrypted RFID keyfob for secure access control and keeping user permissions managed in software.
For a deeper explanation of encryption, identifiers, and access data protection, see our guide on RFID data security for access credentials.
Things We Learned the Hard Way
Programming and Compatibility Checklist Before Ordering
An RFID keyfob is compatible with an access system only when the frequency, chip protocol, data format, facility code, and card number structure match what the reader and controller are configured to accept. The safest way to order replacements is to provide the existing card type, reader model, sample number format, and required encoding file.
- Reader brand and model, or at least the frequency marked on the reader.
- Existing fob or card sample, including printed number and chip scan result if available.
- Required chip type, such as EM4200, T5577, MIFARE Classic 1K, NTAG213, or DESFire EV3.
- Facility code, site code, card number range, Wiegand format, or software import file.
- Whether the number should be laser engraved, printed, encoded only, or delivered with a CSV list.
- Any special requirement for UID locking, password protection, sector key, application file, or diversified key management.
For large projects, we recommend a pilot batch of 20 to 50 pieces before mass production. That small step catches most RFID keyfob facility code programming errors before thousands of credentials arrive on site.
Custom Options Customers Actually Order
Laser engraved serial number, UID, card number, QR code, or customer asset number
Epoxy drop label for full-color branding and better scratch resistance
Color-coded shells for staff, tenants, visitors, contractors, or membership levels
Dual-frequency LF + HF inlay for migration from old proximity readers to smart-card readers
Pre-programmed number lists packed by department, building, floor, or access group
Material choice also matters. ABS is cost-effective and common for daily access, epoxy gives a premium look and better logo protection, while leather or wooden keyfobs are usually selected for hotels, clubs, and branded membership programs. You can compare shell choices in our ABS vs epoxy RFID keyfob material comparison.
How We Reduce Counterfeit and Wrong-Chip Risk
Wrong chips create real project delays. A batch labeled as DESFire may scan as another chip generation; a "compatible" LF credential may use a format the controller does not accept; a printed number may not match the encoded decimal value. For this reason, we test incoming chip reels, verify sample reads on lab readers, and can provide batch information or authenticity documentation when the chip supplier supports it.
For security-sensitive orders, do not approve mass production based only on the outside shell. Ask for a readable sample, encoding report, chip type confirmation, and test results against the actual reader used at the door.
Typical Lead Times
- Standard 125 kHz EM/TK keyfobs with simple numbering: usually 8–12 working days after artwork and data approval
- HF MIFARE or NTAG keyfobs with printing and UID list: usually 10–18 working days
- DESFire, dual-frequency, custom shell color, epoxy logo, or complex pre-programming: usually 21–30 working days after final technical confirmation
FAQ
Q: Can RFID Keyfobs Be Copied?
A: Some low-frequency or outdated RFID keyfobs can be copied because they transmit a fixed identifier. Encrypted HF credentials are much harder to duplicate because the reader and fob must complete a secure authentication process, not just exchange a visible ID number.
Q: What Information Do I Need Before Ordering Replacement Keyfobs?
A: You should provide the reader model, existing fob sample, chip type, printed number format, facility code, card number range, and any required encoding file. Without these details, the new fobs may scan correctly but still fail in the access control software.
Q: What Happens If An RFID Keyfob Is Lost?
A: When an RFID keyfob is lost, the access administrator should deactivate that credential in the access control software and issue a replacement with a new authorized number. The door lock does not need to be changed because permission is controlled by the database, not by the physical fob itself.
Q: Is 13.56 MHz Always Better Than 125 KHz?
A: Not always. If the building already uses 125 kHz readers and the risk level is low, matching the existing system may be the practical choice. If the project needs stronger security, read/write memory, NFC-related use, or future multi-application support, 13.56 MHz is usually the better direction.
Q: Can One Keyfob Work With Two Different Access Systems?
A: Yes, if it is built as a dual-frequency or multi-technology credential and both systems are configured correctly. This is common when a site keeps old 125 kHz readers on some doors while upgrading main entrances to 13.56 MHz smart-card readers.
A good RFID keyfob is not simply a plastic token with a chip inside. It is a credential that must fit the reader, controller, software database, security policy, and daily handling environment. When those details are confirmed before production, the final batch reads faster, lasts longer, and avoids the most expensive access control mistake: credentials that look right but do not work at the door.
Send Inquiry