You might not think twice about this check-in extra, but it could jeopardize your safety
Think back to the last time you checked into a hotel. Chances are, you handed over a credit card for incidentals and watched while the desk attendant typed away on a keyboard for what seemed like forever. You then probably received a credit-card-sized door key tucked inside a paper envelope. Straightforward, right?
But what happens after you leave the front desk? If you skip one very simple step, you could be making a big mistake regarding your safety. As a travel writer with years of experience, I thought I had this figured out until I realized I had totally overlooked a glaring issue that could potentially put me at risk.
To learn more about what I should be doing every time I check into a hotel, I talked to three security consultants and cybertech experts who explained what I’ve been doing wrong all these years. Keep reading to find out why these safety experts say you may be unknowingly compromising your security too.
Get Reader’s Digest’s Read Up newsletter for more travel, cleaning, humor, tech and fun facts all week long.
What’s the common mistake you’re probably making with your key card?
“Leaving a key card in its sleeve with the room number visible is essentially handing someone both your ‘key’ and the ‘address’ to use it,” warns Daniel Loo, owner of North Star Group, a Texas-based firm providing security consulting and safety assessments. He has advised both independent properties and major hotel brands on guest-safety protocols. “If it’s lost or stolen, it makes unauthorized entry almost effortless for someone with bad intent.”
How big of a problem is this?
Statistics on hotel crime are hard to pin down. Condé Nast Traveler reported that victims of hotel theft don’t often go to the police, and hotels are not necessarily forthcoming about crime on their properties. In addition, police databases don’t always separate property theft stats by the type of dwelling. But a comprehensive study conducted by Ball State and Florida International universities found that 38% of hotel theft occurred inside hotel rooms, not in common areas.
Keeping your room number private is so important that hotel staff carefully guard this information, even if you don’t realize that’s what they’re doing. “Most reputable hotels train staff to write the room number discreetly and avoid saying it aloud to protect guest privacy and safety,” Loo says.
Even the most casual mention of your room number that can be overheard—such as at the bar or in the lobby to a friend or family member—could be cause for concern. “Opportunistic offenders often act on overheard information,” Loo explains. “Keeping your room number private is a basic but critical step in personal safety.”
How do hotel key cards work?
According to Joshua McKenty, an expert in AI, cybersecurity and enterprise tech and the co-founder of New York–based Polyguard, hotel key cards can come in several forms: magnetic stripe, Bluetooth, Radio Frequency Identification (RFID) or Near Field Communication (NFC).
Of these, NFC is preferred by many security experts. “It has the strongest security features and potentially allows guests to use their smartphone or watch as their key card instead of needing a physical card,” he says.
While these cards are gaining popularity, since they don’t require physical cards (and those troublesome envelopes with the written room number), many hotels still currently use RFID key cards, which rely on a door card reader to pick up the card’s unique code to unlock it if it’s a match when tapped or held against the reader.
What are the dangers of RFID cards?
Besides stealing your physical key card and envelope, it all comes down to how easily a criminal can copy the data.
Dave Meister, a cybersecurity expert specializing in managed security services at Check Point, notes that RFID cards are programmed using a property management system (PMS), which links the guest’s check-in details to a specific room and stay duration. “The PMS communicates with the electronic locking system to encode the card with a unique identifier,” he says. “Most modern systems use RFID or magnetic stripe technology, with RFID offering greater durability and security.”
Unfortunately, there’s a major drawback with these types of cards. “It’s now relatively easy to copy most forms of hotel key cards on the market using a device called a Flipper Zero, and this can be done through [the key card carrier’s] pocket or purse!” McKenty says.
How should you store your key card instead?
First, get rid of that envelope with your room number. After that, McKenty shares his next best recommendation for storing cards that anyone can follow: “If you’re worried about having any of your cards cloned, not just hotel key cards, consider using a shielded wallet. RFID and NFC shielding are the same technology, so you can look for either.”
Loo agrees that hotel guests should treat their hotel key cards just like a personal credit or debit card—keeping them secure and out of sight.
What should you do if you’re worried about forgetting your room number?
Don’t do what I’ve done in the past: toss the envelope but first take a photo of my key card sleeve—an easy way to remember my room number. Loo says that convenience could have cost me. “Avoid taking a photo—if your phone is lost or hacked, that image is easy to find,” he explains. “Instead, memorize it or create a mental association, for example, part of a phone number or special date.”
What are other issues to keep in mind with key cards?
Key cards can sometimes stop working—a frustrating inconvenience. “Key card failures are usually caused by demagnetization (in magnetic stripe cards), physical damage or encoding errors,” Meister points out. “While it’s commonly believed that placing a card near a phone or credit card causes deactivation, the more likely culprits are wear and exposure to strong magnetic fields.”
Besides not using the envelope, what other safety measures should hotel guests always take?
Meister uses only mobile key access, if it’s offered, provided the app is verified and the hotel’s network is secure. Otherwise, “I always request an RFID card when available, store it separately from my phone and never leave it in the room unattended.” He also avoids posting room details or identifiable photos of his hotel stay online until after checkout to reduce the risk of targeted social engineering or location-based threats.
Loo advises hotel guests walk with purpose and avoid distractions, such as phones, when heading to their rooms. Along the way, note emergency exits, and stay aware of your surroundings when opening the room door.
His advice for once inside? Lock all door locks, including secondary latches, use the peephole before opening the door to leave and keep the “Do Not Disturb” sign up when away to imply occupancy.
When it comes to overall security, McKenty stresses the value of booking with a reliable hotel brand. “I stay at reputable hotels where I know they follow proper procedures for resetting door codes,” he says. And no matter what, with room keys, always err on the side of caution. “If you’re ever feeling unsafe, just drop down to the front desk and ask them to reset the door code and make you a new set of keys.”
RELATED:
- Hotels Are Pushing a New Way to Tip—And Guests Have Strong Opinions About It
- Here’s Why You Should Put Your Toothbrush in Your Hotel Room Safe (Yes, You Read That Right!)
- Traveling This Summer? These Popular U.S. Attractions Have the Longest Wait Times
About the experts
|
Why trust us
Reader’s Digest has published hundreds of travel stories that help readers explore the world safely, easily and affordably. We regularly cover topics such as the best places to visit (and the best times to visit them), tips and tricks to zoom through airport security, flight-attendant secrets, hotel-room hacks and more. We’re committed to producing high-quality content by writers with expertise and experience in their field in consultation with relevant, qualified experts. We rely on reputable primary sources, including government and professional organizations and academic institutions as well as our writers’ personal experiences where appropriate. We verify all facts and data, back them with credible sourcing and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.
Sources:
- Daniel Loo, principal security-risk consultant and owner of North Star Group; email interview, August 2025
- Joshua McKenty, co-founder and CEO of New York–based Polyguard; email interview, August 2025
- Dave Meister, cybersecurity executive at Check Point; email interview, August 2025
- Condé Nast Traveler: “The Secret World of Hotel Theft”
