ELI5: What is Tailgating/Piggybacking?
You know how someone might slip through a door right behind you before it closes? That’s tailgating. The person didn’t use their own badge — they just followed you in. It works because most people are too polite to close a door in someone’s face.
Definition
Tailgating (also called piggybacking) is a physical security bypass technique where an unauthorized person follows closely behind an authorized person through a secured door or access point without using their own credentials. The attacker exploits human politeness—people typically hold doors open for others—or follows so closely that the door closes on neither person. It is one of the most common physical security vulnerabilities.
Key Details
- Tailgating: Following someone without their awareness—the authorized person doesn’t realize they’re enabling access.
- Piggybacking: With the authorized person’s awareness and (possibly unwilling) complicity—they hold the door knowing the follower isn’t authorized.
- Primary defense: access control vestibules (mantraps)—physically prevent two people from passing through with one authentication.
- Security awareness training: Teach employees that it’s appropriate to question individuals who don’t badge in independently.
- Guards providing challenge protocols: Security personnel trained to require authentication from all individuals, even if accompanying someone else.
Connections
- Parent: social-engineering — a physical social engineering attack
- See also: access-control-vestibules-mantraps