From The Urbach Letter –
How to Duplicate Your House Key by Taking a Photo of It
You're going to react in one of two ways to this: either you're going to say, "That's a great idea!" or "That's a really horrible idea!" A startup firm in San Francisco with the strange name of Shloosl has developed technology that'll make "better than new" copies of your house keys from just an emailed photo. I tried the service, and it absolutely works. However, as with many (if not most) technological advances, this key duplication service can be used for evil as well as good. I'll explore the dark side with you soon, but first, here's how and why the system works.
Understanding Keys and Locks
When you bring your key to the hardware store or locksmith for duplication, it's clamped in a machine along with a matching blank and a cutter follows the contours of the original key. This is a very analog operation. The duplicate will never be more accurate than the original, and if the machine isn't well maintained or the operator isn't careful, tiny added errors can make the copied key much harder to use than the original. This is compounded when you make a copy of a copy (and so on).
However, key shapes are not infinitely variable. The pins inside your lock come in standardized lengths and therefore the grooves in your key have matching, discrete and ideal depths. By digitally analyzing the key to be copied, Shloosl's optical algorithms can determine what its contours SHOULD be, and use that information to create a copy that works even better than the original.
So, that's a reason to be enthusiastic about this service. Perhaps in the future, key duplication machines may get smarter and also do this contour correction trick, but right now the only way to get your key made this way is by having Shloosl's robots go to work.
 Hold your key in one hand in front of a blank wall or above a piece of paper and photograph it with your cell phone about 4 inches away. Flip the key over and shoot the reverse side the same way.
 Email the two photos to email@example.com and wait a few minutes. There's no order form or any information required at this point. You'll only get a confirmation message with a note saying that a robot will email you as soon as it finishes analyzing your photos.
 In a few more minutes, you'll get a second email confirming that your key can be copied, and containing an order button/link. Most keys cost $5/each and shipping anywhere in the United States is included.
 Enter your shipping and payment info in the order form.
 You'll next receive a final confirming message which contains a fascinating video link showing the robot analyzing your actual key and calculating its ideal contours. This alone is worth the price of admission.
 Your key is mailed to you in a plain unmarked envelope.
That's all there is to it. However, now I think you're seeing both the upside potential of this service, as well as its dangers. But let's stay positive for the moment.
The availability of a service like Shloosl means it is no longer necessary to have physical possession of a key in order to make a copy. Actually, that's not true. It's always been possible to make a wax or clay impression of a key and use that to create a duplicate. However, going from impression to new key is not nearly as easy and fast as snapping a photo and emailing it.
The service does have some procedures in place to discourage "drive by" key copies, where someone quickly snaps a photo of your keys lying on a desk for example. They require each key to be held in your fingers with the head of the key visible. If the key is stamped "Do Not Duplicate" they won't accept it. Further, since a credit card is required for ordering, that provides a certain level of identification and address verification. Shloosl also says they'll cooperate with law enforcement agencies but that there haven't been any police inquiries to date.
What about hackers? Quoting from the keysduplicated.com site: "Your information is kept safe and then quickly purged. Your key and its associated information are stored on our server with bank-grade cryptography. Your shipping information is redacted from our system a few days after we ship your key. That way, no one (including us) can associate your key with your address."
While (in general) hacking is a very legitimate concern with respect to identity theft and financial shenanigans, my personal opinion is that it's a real stretch to think that criminals are going to resort to this just to obtain a key to your house. Locks don't do much more than keep honest people out. Most are nearly worthless against bad guys. They are easy to pick and/or a cordless drill will almost silently take one out in less than a minute.
Still, having a working key allows folks with evil intent quick entry to your premises without leaving physical damage evidence, so you do need to take steps to secure your keys. Most people don't do that to begin with. They leave them hanging on a hook while working out at the gym for example, or lying on top of their desk all day while at the office. Again, I believe the risk is more from stalker types or disgruntled exes than professional criminals, but what do I know?
It's not just my opinion that regular house locks give people a sense of false security. Ask any cop: you cannot rely on (non-high security) locks to keep someone out of your home. If you doubt this, then you've never heard of a bump key or seen one in use. It's estimated that bump keys can quickly open about 90% of household locks. You can either make your own or readily buy a set at Ace Hackware or on Amazon.
My biggest problem with Shloosl, aside from their strange name (by the way, the word for key in German is Schlüssel), is delivery by postal mail. Unless you have a mail slot or a locking box, I'd recommend mailing the key to your office or a friend's address rather than have it sit in an open box right next to the door the key actually opens.
As I said at the beginning, you'll either find this to be a really cool, useful service, or you'll be terrified by its evil possibilities. I personally don't think Shloosl's too worrisome in its current incarnation, but we should all be more aware of what lies just ahead. By extension, many things we once considered very secure may no longer be in the near future.
(c) Copyright 2002-2013 Victor Urbach
This article may be reprinted with permission and attribution