Article · Wikipedia archive · Last revised Jun 18, 2026

Piggybacking (security)

In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint. It can be either electronic or physical. The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act.

Last revised
Jun 18, 2026
Read time
≈ 3 min
Length
726 w
Citations
15
Source
Wikipedia ↗
No tailgating sign at Apple Inc. office source ↗

In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.1 It can be either electronic or physical.2 The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act.1

To describe the act of an unauthorized person following someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies no consent (similar to a car tailgating another vehicle on a road), while "piggybacking" usually implies consent of the authorized person, similar to a person giving another person a piggyback on their shoulders.3

Piggybacking came to the public's attention particularly in 1999, when a series of weaknesses were exposed in airport security. A study showed that the majority of undercover agents attempting to pass through checkpoints, bring banned items on planes, or board planes without tickets were successful. Piggybacking was revealed as one of the methods that were used in order to enter off-limits areas.4

Methods

Electronic piggybacking is a common practice typically facilitated through account sharing, where authorized users share login details with others, allowing individuals to access services or subscriptions without the financial repercussion of purchasing it themselves.5 Another common form is credit card piggybacking, in which card holders authorize others (particularly one's child), allowing them to use the account's seasoned tradeline to jumpstart, or increase their own credit score.6 Many companies branding as "credit repair" or "credit rental" firms have appeared since 2007, in which, contracted card holders authorize clients in exchange for service fees, typically without sharing account details or the physical card itself.7 In cybersecurity, phishing attacks are a form of tailgating, where attackers, masquerading as legitimate services or system administrators, mislead victims into sharing credentials, to gain unauthorized access into accounts or systems.8

In physical contexts, piggybacking is commonly enabled through the exploitation of social norms, such as an employee politely holding the door open for an attacker who is holding a large package, and is dressed in a reflective work vest.9

Prevention

Many security devices were introduced in an attempt to stop forms of piggybacking, including automatic turnstiles, and speed gates. Such devices rely on magstripes, infrared, or lidar detection systems to discourage unauthorized access.10

In 2022, Netflix prohibited account piggybacking in their terms of service after allegedly losing US$1.8 billion in possible revenue annually.11 Subsequently, companies such as Facebook,12 Hulu,13 and Disney+14 followed suit and banned piggybacking throughout 2023.

See also

See also

References

References

  1. Kingsley-Hefty, John (25 September 2013). Physical Security Strategy and Process Playbook. Elsevier Science. pp. 85–. ISBN 978-0-12-417237-1.
  2. Krause, Micki (6 April 2006). Information Security Management Handbook on CD-ROM, 2006 Edition. CRC Press. p. 3800. ISBN 978-0-8493-8585-8.
  3. Ciampa, Mark (27 July 2012). Security+ Guide to Network Security Fundamentals. Cengage Learning. ISBN 978-1-111-64012-5.
  4. Kettle, Martin (3 December 1999). "Inspectors walk through US airport security". The Guardian. London. Retrieved 22 May 2010.
  5. Richtel, Matt (18 January 2012). "Young, in Love and Sharing Everything, Including a Password". The New York Times. ISSN 0362-4331. Retrieved 15 April 2026.
  6. Blizard, Zachary; Brown, Alyssa; Sandler, Ryan (2025). "Is Sharing Credit Caring? Piggybacking Accounts and Credit Outcomes". SSRN Electronic Journal. doi:10.2139/ssrn.5193492. ISSN 1556-5068.
  7. Brevoort, Kenneth P.; Avery, Robert B.; Canner, Glenn B. (30 October 2013). "Credit Where None Is Due? Authorized‐User Account Status and Piggybacking Credit". Journal of Consumer Affairs. 47 (3): 518–547. doi:10.1111/joca.12020. ISSN 0022-0078.
  8. "What Is Tailgating in Cybersecurity and How to Protect Yourself". McAfee. 20 October 2022. Retrieved 15 April 2026.
  9. University, Carnegie Mellon. "Secure Computing - Computing Services - Office of the CIO - Carnegie Mellon University". www.cmu.edu. Retrieved 15 April 2026.
  10. "The History of the Turnstile - TiSO Turnstiles". tiso-turnstiles.com. Retrieved 15 April 2026.
  11. Scott, Martin (March 2022). "Password sharing may have lost Netflix billions of dollars in retail revenue, but operators can help" (PDF). analysys mason. Retrieved 15 April 2026.
  12. "Can I create a joint Facebook account or share a Facebook account with someone else? | Facebook Help Center". www.facebook.com. Archived from the original on 30 November 2022. Retrieved 15 April 2026.
  13. "Sharing your Hulu subscription". help.hulu.com. Retrieved 15 April 2026.
  14. "Sharing your Disney+ subscription". help.disneyplus.com. Retrieved 15 April 2026.