Securing use of RFID to disarm alarm system

I use AlarmSystem at home (https://github.com/runningman84/home-assistant-apps)
I recently implemented an arm/disarm system through an RFID reader (A simple way to manually control alarm system with RFID reader).
The use of RFID to arm or disarm an alarm system is not very secure because the tags are easily cloned, so I am thinking of methods to improve security …

  1. Install the RFID reader inside the house so that nobody can act on the RC522 reader from the outside.
  2. At the entrance to the house the alarm is armed and starts in “pending” mode … then the authorized person brings the tag/badge to the RC522 reader and disarms the alarm.
  3. The deactivation should also be linked to the recognition of the person through his smartphone.

The latter, however, may be a problem because device_tracker often recognizes the smartphone even after 40 or 50 seconds … my system waits 30 seconds in pending state before the siren is activated.

I would like to implement an automation so that, once I enter the house and the badge/tag is read, the alarm system extends the pending phase by another 30 seconds … if it recognizes both the tag/badge and the smartphone it deactivates the alarm … otherwise it makes the siren sound.
This would make the use of the RFID badge/tag much safer.

Pending time is a variable in alarm_control_panel. How can I change it from 30 to 60 seconds only if the alarm is disarmed by use of an RFID badge/tag?

  alarm_control_panel:
    - platform: manual
      code: !secret alarm_pin
      pending_time: 30
      trigger_time: 180

Currently my automation is…

  - alias: RFID 1 Alarm off
    trigger:
      platform: mqtt
      topic: "home/rfid"
      payload: 'wwxxyyzz'
    condition:
      condition: or
      conditions:
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: armed_home
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: armed_away
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: pending
    action:
      - service: notify.hassio
        data:
          message: "RFID 1 -> Alarm off!"
      - service: logbook.log
        data_template:
          name: >-
           {{ MQTT }}
          message: RFID 1 -> Alarm off!
      - service: alarm_control_panel.alarm_disarm
        data: {"entity_id":"alarm_control_panel.ha_alarm","code":"12345"}

Could this be a solution?

Modify the automation by applying a pending time and a delay…

  - alias: RFID 1 Alarm off
    trigger:
      platform: mqtt
      topic: "home/rfid"
      payload: 'wwxxyyzz'
    condition:
      condition: or
      conditions:
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: armed_home
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: armed_away
        - condition: state
          entity_id: alarm_control_panel.ha_alarm
          state: pending
    action:
      - service: alarm_control_panel.alarm_pending
        data: {"entity_id":"alarm_control_panel.ha_alarm","code":"12345"}
      - delay: 
          seconds: 60  
      - condition: state
        entity_id: group.family
        state: at_home
      - service: notify.hassio
        data:
          message: "RFID 1 -> Alarm off!"
      - service: logbook.log
        data_template:
          name: >-
           {{ MQTT }}
          message: RFID 1 -> Alarm off!
      - service: alarm_control_panel.alarm_disarm
        data: {"entity_id":"alarm_control_panel.ha_alarm","code":"12345"} 

This should increase the “pending time” to 60 seconds … after which, if the device_tracker recognizes the smartphone, the alarm should automatically disarm…
If the smartphone is not recognized within 60 seconds the alarm will change to the triggered state.

Will it work?
Any suggestions?
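
The rule proposed in the post above (a recognised tag extends the pending window from 30 to 60 seconds, and the alarm disarms only when the phone is also seen inside that window), modelled as a small replay function. This is an added example, not code from the thread or from Home Assistant; `evaluate_entry`, `KNOWN_TAGS` and the event tuples are assumed names, and the timelines are constructed.

```python
PENDING = 30        # pending_time from the post, in seconds
EXTENSION = 30      # extra time a recognised tag buys (30 -> 60 s total)
KNOWN_TAGS = {"wwxxyyzz"}   # placeholder payload from the post, not a real UID


def evaluate_entry(events, pending=PENDING, extension=EXTENSION):
    """Replay events that follow the door opening at t=0 (alarm pending).

    Each event is (time_s, kind, value): kind "tag" carries the UID read by
    the RC522, kind "phone" carries True/False from presence detection.
    Returns (final_state, time_s).
    """
    deadline = pending
    tag_ok = phone_home = False
    for t, kind, value in sorted(events, key=lambda e: e[0]):
        if t >= deadline:
            break                      # siren already fired, too late
        if kind == "tag" and value in KNOWN_TAGS:
            tag_ok = True
            deadline = pending + extension   # fixed cap: re-reads do not stack
        elif kind == "phone":
            phone_home = bool(value)
        if tag_ok and phone_home:
            return ("disarmed", t)     # both factors seen inside the window
    return ("triggered", deadline)


# Constructed timelines, not taken from a real installation.
SCENARIOS = {
    "tag then slow phone": [(8, "tag", "wwxxyyzz"), (45, "phone", True)],
    "phone already home, then tag": [(0, "phone", True), (12, "tag", "wwxxyyzz")],
    "cloned tag, no phone": [(8, "tag", "wwxxyyzz")],
    "phone only, no tag": [(5, "phone", True)],
    "unknown tag plus phone": [(8, "tag", "00000000"), (10, "phone", True)],
    "phone later than 60 s": [(8, "tag", "wwxxyyzz"), (62, "phone", True)],
}


def run_scenarios():
    return {name: evaluate_entry(ev) for name, ev in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:30s} -> {result}")
```

The "cloned tag, no phone" timeline shows the cost of the design: a copied tag alone never disarms, but it does delay the siren from 30 to 60 seconds.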

You stated RFID is not safe, so why do you continue to use RFID to disarm? Mine is working fine using home detection through cell phones (Netgear router). No special config needed. As my wife pulls up the driveway, it connects to our wifi and the disarmed automation is called.

Often device_tracker is not reliable; sometimes it takes more than 50 seconds to recognize my wife's Huawei smartphone. Even though I configured both wifi and bt, sometimes it does not recognize smartphones.
I cannot increase the default pending time to 1 minute… it isn’t safer.
On the latest generation of smartphones such as the Samsung S8 and S9, often in standby or while they are charging… Android turns off the wifi even if I haven’t set any power saving function.
There are dozens of apps that promise not to disable wifi but none of them always works … just read the comments on the Play Store.
Even when the router recognizes the smartphone, device_tracker often gives false positives or false negatives.
There are lots of posts that talk about it in the community …
I don’t want to replace device_tracker… I wish to use RFID together with device_tracker to enforce recognition.

I guess we must be lucky as it has been working for us with Samsung (S4, S7 and Note 8) and Honor 6 (Xiaomi??) phones for a few months now. I have never checked how long, but when I pulled up the HA interface the last few times I saw the alarm was already in disarmed mode before opening the door. If I have to guess, only a few seconds…

Good luck to yours!

You are a lucky man… my Samsung S8 and S9 are fast enough to be recognized… about 10/15 seconds, but often they disconnect wifi in standby… and if I’m alone at home the alarm is triggered.

My wife’s Huawei P8 lite instead is recognized sometimes in 40 seconds, other times in over 50 seconds…

Ah, you have it self-armed all day long… that makes sense. I only set it to self-armed in the morning before leaving for school/work on weekdays. We have to arm it manually on the weekend and on weekday afternoons when no one is home. No restriction on self-disarmed (all day).

My alarm system self-arms after 10 minutes in which device_tracker does not recognize a smartphone and there is no activity from the motion sensor. This way it is impossible to forget to arm the alarm.