Phantom keys explained — and how to fix them
A phantom key is a bitting nobody intended that still happens to open a cylinder. Phantom keys are how master-keyed buildings get burgled by someone holding a perfectly legitimate change key for the door next door.
How phantoms happen
Every chamber in a master-keyed cylinder has at least two shear-line positions — one for the change key, one for the master. Add a thin master pin and you've added a second possible split point in that chamber. Multiply that across six pin positions and a single cylinder can have dozens or hundreds of bittings that all happen to land on a shear line.
Most of those bittings are bittings nobody cuts. But some of them match keys that do exist in the same system — a change key for a different door in the same building, for example. That's a phantom: an unintended cross-access.
How Keyzee finds them
Per cylinder, Keyzee enumerates every shear-line combination — up to 50,000 per 6-pin cylinder, more for 7-pin. Then it tests each of those bittings against every other key in the system. Any bitting that opens a cylinder it shouldn't is flagged as a phantom.
This is the part of the build that's effectively impossible by hand. On a 12-cylinder system with 3 master groups, it's roughly 600,000 bitting checks. Spreadsheets can't do this; people doing it by hand either skip it (and ship phantoms) or take half a day per system.
The three severities
Critical — bypasses the TMK
Someone holding a change key for a single door in this system can also open the doors reserved for the TMK, the top master key (the lobby, the plant room, the building manager's office). This is the worst kind: a $50 cylinder change just gave a tenant access to the whole building. Critical phantoms always block the build. You cannot export pinning cards while a critical phantom exists.
High — cross-master access
A change key in master group A also opens a door in master group B. Less severe than critical (the TMK is still safe) but still a real breach — your tenants on the east wing can wander into the west wing. Keyzee shows a yellow warning; you can override and ship if the customer accepts the risk, but the audit trail records the override.
Medium — cross-change-key
A change key in master group A opens another change-key door in the same group. Usually fine — both doors are typically tenanted by the same party — but flag-worthy because some buildings rent same-floor doors to different tenants. Keyzee logs it and lets you proceed without override.
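The scan from "How Keyzee finds them" and the three severities above, as an added Python example; it is not Keyzee's code. The key names, bittings and data model are constructed, and it assumes each chamber's shear lines are exactly the depths cut on the keys the cylinder is pinned for.

```python
from itertools import product

# Constructed 6-pin sample system (assumption): key -> (bitting, master group).
KEYS = {
    "TMK":  ("352641", None),
    "MK-A": ("352463", "A"),
    "MK-B": ("352825", "B"),
    "A1":   ("154463", "A"),
    "A2":   ("152641", "A"),
    "B1":   ("354661", "B"),
}
# Cylinder -> (master group, or None for a TMK-only door; keys it is pinned for).
CYLINDERS = {
    "door-A1": ("A", ["A1", "MK-A", "TMK"]),
    "door-A2": ("A", ["A2", "MK-A", "TMK"]),
    "door-B1": ("B", ["B1", "MK-B", "TMK"]),
    "plant":   (None, ["TMK"]),
}

def chambers(cyl):
    """Shear-line depths per chamber: one for each distinct intended cut."""
    bittings = [KEYS[k][0] for k in CYLINDERS[cyl][1]]
    return [sorted(set(column)) for column in zip(*bittings)]

def operating_bittings(cyl):
    """Every bitting that lands on a shear line in all six chambers."""
    return {"".join(b) for b in product(*chambers(cyl))}

def severity(key, cyl):
    """Map an unintended (key, cylinder) pair to the page's three severities."""
    if CYLINDERS[cyl][0] is None:
        return "critical"            # opens a TMK-only door
    same_group = KEYS[key][1] == CYLINDERS[cyl][0]
    return "medium" if same_group else "high"

def find_phantoms():
    """Test each cylinder's operating bittings against every other key."""
    findings = []
    for cyl, (_, intended) in CYLINDERS.items():
        opens = operating_bittings(cyl)
        for key, (bitting, _) in KEYS.items():
            if key not in intended and bitting in opens:
                findings.append((severity(key, cyl), key, cyl))
    return sorted(findings)

if __name__ == "__main__":
    for cyl in CYLINDERS:
        print(cyl, len(operating_bittings(cyl)), "operating bittings")
    for finding in find_phantoms():
        print(*finding)
```

In this sample, door-A1 accepts 32 bittings although only three keys were intended for it, while the plant cylinder, pinned for one key and so carrying no master pins, accepts exactly one.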
Four ways to fix a phantom
1. Regenerate with a new variation seed
90% of phantoms clear with a single click of Rebuild with new seed. The variation seed determines which bittings the engine picks; a different seed picks different bittings, which usually don't have the same accidental crossings.
2. Tighten MACS
Lower MACS (the maximum adjacent cut specification) in the profile settings (e.g. from 4 to 3). This forbids the engine from picking bittings with adjacent depth jumps that big — which removes a lot of the bittings that tend to land on accidental shear lines.
Tradeoff: tighter MACS means fewer valid bittings, so the engine has less room to find a phantom-free system on a complex hierarchy. If you tighten MACS and the build now warns about capacity exhaustion, loosen it back and try a different seed.
3. Reduce master groups
Phantom rate scales superlinearly with the number of master keys. If you've got 5 masters on a 10-cylinder system, the engine is fighting a hard combinatorial problem; collapse two adjacent groups into one and the phantom count usually drops.
4. Edit the access matrix
For maison doors (lobby, lift, plant room — doors that are meant to be opened by many keys), Keyzee will sometimes flag a phantom that's actually intended access. Open the access matrix in the Hierarchy tab, mark that cell as intentional, and the engine re-classifies it as a feature, not a bug.
What about pre-existing phantoms in legacy systems?
If you import a system from an older tool (see importing systems), Keyzee runs the same phantom scan against the existing bittings. You'll get warnings on systems that were shipped before phantom checking was a thing. That's not a Keyzee bug — that's a real security finding on a real system.
Reach out to support if you want to walk through how to disclose a legacy phantom to the customer without alarming them. We've helped locksmiths handle this conversation a few times.