Who should be trained/authorized to use authentication codes?

Authentication codes are sensitive credentials used to verify a person’s authority to arm, disarm, or access secure alarm system functions. The individuals who monitor and respond to alarms—alarm monitors—must be trained and authorized to use these codes. They are responsible for following procedures, verifying identity, logging every use, and ensuring codes aren’t shared or stored insecurely. Giving this level of access to others creates risks of unauthorized entry, misuse, or missed alarms, so only those who actively operate and manage the system should have them. Public visitors should not have access to the codes, and maintenance staff or patrols generally operate under controlled access procedures that don’t require handling authentication codes unless explicitly assigned. This approach follows the principle of least privilege and accountability, keeping the system secure while ensuring responders can act quickly and correctly when alarms occur.