Tailgating
A physical security breach where an unauthorised person gains access to a restricted area by following closely behind an authorised person as they use their access credential.
Also known as: piggybacking, physical access exploit, door bypass
Last reviewed: 1 June 2026
Tailgating (also called piggybacking) is a physical intrusion technique in which an attacker gains entry to a secured area without valid credentials by simply following immediately behind an authorised person as they open a door. The attacker relies on social convention — most people feel awkward letting a door close in someone's face, particularly if the person appears to belong (wears a uniform, carries equipment, or acts confidently) — to slip through access-controlled doors without badging in.
Tailgating is one of the simplest and most effective physical penetration techniques. Once inside a secured area, an attacker may be able to access unattended computers, plant hardware keyloggers or rogue network devices, steal physical assets, or reach areas with less security where further intrusion is possible.
Organisations defend against tailgating through anti-tailgate door systems (mantrap airlocks or turnstiles that physically allow only one person per credential use), security awareness training that empowers employees to challenge anyone not badging in, security cameras, and visitor management systems. Consistent security culture — where everyone is expected to badge in and challenge unrecognised visitors — is the most effective long-term control.
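The "one person per credential use" rule that mantraps and turnstiles enforce physically can also be checked after the fact in access logs. The following is an added example, not part of the original entry: it assumes the door controller logs each accepted badge read and that a people-counting sensor logs each person crossing the threshold. The event format, door names, badge IDs and the 10-second window are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: (seconds since midnight, door, event, badge id or None).
# "grant" = controller accepted a credential; "pass" = a people-counting
# sensor saw one person cross the threshold. Both event types are assumptions.
SAMPLE_EVENTS = [
    (32400, "lobby-east", "grant", "B-1041"),
    (32402, "lobby-east", "pass", None),
    (32404, "lobby-east", "pass", None),      # second person, no second badge
    (32460, "server-room", "grant", "B-2210"),
    (32463, "server-room", "pass", None),
    (32500, "lobby-east", "grant", "B-1377"),
    (32501, "lobby-east", "grant", "B-1502"),
    (32503, "lobby-east", "pass", None),
    (32505, "lobby-east", "pass", None),      # two badges, two people: fine
    (32900, "server-room", "pass", None),     # door crossed with no badge at all
]

GRANT_WINDOW_S = 10  # assumed time a single grant stays valid for one passage


def find_tailgates(events, window=GRANT_WINDOW_S):
    """Return alerts for passages not covered by an unused, recent grant."""
    unused = defaultdict(deque)   # door -> grants (time, badge) not yet consumed
    last_grant = {}               # door -> most recent grant, for attribution
    alerts = []
    for ts, door, kind, badge in sorted(events, key=lambda e: e[0]):
        if kind == "grant":
            unused[door].append((ts, badge))
            last_grant[door] = (ts, badge)
            continue
        queue = unused[door]
        while queue and ts - queue[0][0] > window:   # expire stale grants
            queue.popleft()
        if queue:
            queue.popleft()       # one credential use covers exactly one person
            continue
        prev = last_grant.get(door)
        followed = prev[1] if prev and ts - prev[0] <= window else None
        alerts.append({"time": ts, "door": door, "followed_badge": followed})
    return alerts


if __name__ == "__main__":
    for alert in find_tailgates(SAMPLE_EVENTS):
        print(alert)
```

The `followed_badge` field names the credential holder who was followed through, which is useful for awareness follow-up; a value of `None` means the door was crossed with no recent badge read at all.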
Examples
- An attacker dressed in a delivery uniform carries a large box to a secure office building entrance and waits for an employee to badge in, then follows them through the door while they hold it open, gaining unrestricted access to the open-plan office.