Here's the short answer: a traditional lockbox gives anyone with the code access to your key — with no record of who used it. A smart lockbox adds single-use codes and an entry log. But both secure the key, not the person — a smart box just logs an entry it can't prevent. For safe self-showings, the deciding factor is verifying who gets the code before the door ever opens.
Property managers have lost units to people they never met, using lockboxes that worked exactly as designed. The manager set up a perfectly functional lockbox — code distributed, showing scheduled — and still got burned. Codes got shared. Keys got passed around. In one case an operator we interviewed described someone impersonating a prospect who took the keys and began running their own leasing operation out of the property. Not a broken lockbox. A broken identity gate.
That's the real question this piece answers. Not which lockbox is smarter — but what either one actually protects.
What's the real difference between a smart lockbox and a traditional lockbox?
A traditional lockbox stores a physical key behind a static combination. A smart lockbox replaces that static code with app-issued, single-use codes and keeps a timestamped log of every entry. Both secure the key. Neither checks who's asking for it.
| Traditional / mechanical combination lockbox | Smart / electronic lockbox | |
|---|---|---|
| Access code | One static code, reused indefinitely | Time-limited, single-use codes per showing |
| Entry record | None | Per-entry audit log with timestamp |
| Connectivity | None | Bluetooth / mobile app |
| Verifies who enters | No | No |
Every row in that table improves the lock. The bottom row — the one that matters for scams — reads "No" in both columns. Smart lockboxes from manufacturers like SentriLock and ButterflyMX do offer real operational upgrades: single-use codes die after the showing window, and an audit trail exists if you need it later. But neither product line verifies the identity of the person receiving the code. That's not a product gap — it's a category limit.
Is a traditional combination lockbox safe for self-showings?
A traditional lockbox is safe enough against a random passerby. It's not safe against the actual threat: someone who only needs your static code once, and can share it, photograph it, or pass it to anyone else without your knowledge.
That's the core problem. A static code has no expiry and no access log. Once distributed, you have no way to know how many people have it or who entered the unit. For low-volume operations where the manager personally vets every prospect, the risk is manageable. For anything at scale — multiple units, multiple listings, online lead sources — the math works against you.
The rental fraud numbers are significant. The FTC logged approximately 65,000 rental scam reports and roughly $65 million in losses from January 2020 through June 2025, with a median loss of $1,000 per victim (FTC Consumer Sentinel Network, 2025 — ftc.gov). Approximately half of those reports in the twelve months ending June 2025 involved a fake ad on social media — meaning the scammer arrives already posing as a legitimate prospect, contact information and all. A static lockbox code is one more thing they can exploit once they're through the door.
Can a smart lockbox actually stop a rental scammer?
No. It documents the entry it can't prevent. That's the honest answer — and it's worth sitting with before you invest in new hardware.
Single-use codes and timestamped logs are real upgrades. If a code leaks, it expires. If something goes wrong, you have a record. Those are genuine improvements over a static combination box. But a scammer who receives a code under a fake identity gets a perfectly valid, perfectly logged entry. The audit trail records who the system thinks came through — not who actually did.
The gap isn't a flaw in any particular device. It's structural: lockboxes are built to control key access, not to verify human identity. A smarter box is genuinely better than a mechanical one for accountability and code revocation. It just doesn't solve the identity problem, because it was never designed to.
[[cta]]
What's the security gap a smart lockbox alone leaves open?
The gap is identity. Both tiers fail at the same point: neither checks who receives the code before it's issued.
In LetHub's discovery calls with property managers across the US and Canada — 112 conversations with working PMs — scammer and squatter protection came up unprompted as a top concern for more than one in four. What was consistent across every story wasn't the type of lockbox involved. It was that no one had verified who was on the other end of the code request before the door opened.
One single-family operator described a situation where someone impersonating a prospect obtained the access code, entered the unit, took a copy of the key, and then started running their own leasing service from that property — collecting deposits from renters who had no idea the unit wasn't theirs to rent. The lockbox worked perfectly. It opened when it was supposed to. The problem was the person holding the code.
A single-family manager in a separate discovery call described a steadier pattern: codes passed between contacts, a revolving door of people the manager never vetted, squatters, and what she described as a "stream of scam artists" who had apparently learned the combination from someone else's showing. Again — functional lockbox, broken gate.
That's the reframe this whole comparison hinges on: a smarter lock logs the break-in. It doesn't prevent it. The variable that decides whether self-showings are safe isn't the hardware on the door — it's whether you've confirmed who receives the code before you issue it.
Why does verifying who gets the code matter more than the lock itself?
Because the lock only ever does what the code-holder tells it to. If the code reaches a verified person, every tier of lockbox is safe. If it reaches a fake identity, none of them are.
Verification matters from the renter's side too. A 2024 renter survey found that 93% of renters see rental scams as a common threat and 90% are personally afraid of becoming a victim; among those who were victimized, 48% lost more than $1,000 (industry survey, 2024). Honest renters — the majority — are actively looking for signals that the listing is legitimate before they hand over any personal information or payment. An ID verification step before a showing doesn't slow them down; it reassures them.
The principle is simple: identity verification belongs upstream of the code, not downstream of the lock. Putting a better lock on the door without changing who can request a code is like adding a deadbolt to a door that opens from the outside.
What does ID-verified self-showing access look like in practice?
The prospect verifies their identity first — government-issued ID plus a selfie match — and only a confirmed human whose identity is on record receives the access code. The lock then opens for someone you can actually account for.
The showing flow looks like this:
- The prospect submits a showing request and completes identity verification (government ID + real-time selfie match) before any code is generated.
- Once the match is confirmed, a single-use, time-limited code is issued for the scheduled window only.
- Entry is logged against a verified identity — not just a timestamp.
- If a code is requested under a false identity, it never reaches the door.
This works with whatever lockbox is already on the door. The hardware doesn't change. The upgrade is the gate that sits in front of the code — the step that turns an anonymous request into a verified person.
This is LetHub's self-showing model: access gated by bank-level ID verification so that a scammer can't get a code under a fake identity in the first place. Showings are confirmed and booked within about 30 seconds of inquiry, with a 24/7 AI voice agent handling the scheduling and verification around the clock — so the gate doesn't slow down your leasing velocity.
[[cta2]]
Smart lockbox vs traditional lockbox: which should a property manager choose?
Choose a smart lockbox over a mechanical one — better code control, audit trails, and the ability to revoke access matter. But treat that as table stakes, not the safety answer. The real choice isn't between the two types of box. It's whether you put identity verification in front of either one.
Some managers in our discovery calls got burned badly enough that they shut down self-showings entirely and went back to agent-led, in-person tours. That solved the fraud problem and created a new one: prospects couldn't view a unit without scheduling around an agent's availability. Leads bled out. Units sat longer. The cure was worse than the disease.
You don't have to choose between "scam risk" and "no self-showings." ID-gated access is the third door: self-tours stay running, the identity gap closes, and you're not dependent on an agent's schedule to get someone through a door.
How do you run safe self-showings without turning off self-tours entirely?
Keep self-showings on the table — just put the right gate in front of them. Here's the pattern that holds up:
- Verify identity before issuing any access code. Government ID plus a selfie match, done before a code is generated — not after the showing is scheduled.
- Use single-use, time-limited codes. A code that expires after the showing window can't be passed along or reused, even if it leaks.
- Keep a per-entry log. Not just a timestamp — a log tied to a verified identity so you know who actually came through.
- Never use a static shared code. Posting the same combination in a showing confirmation email erases every other gain on this list.
- Treat the lock as the last step, not the security layer. The security happens upstream — at the identity gate.
That pattern keeps the convenience of self-showings while closing the gap both lockbox tiers leave open. The lock becomes the final step in a chain, not the chain itself.
Frequently Asked Questions
Are smart lockboxes safe for self-showings?
Safer than mechanical for code control and entry tracking, yes — but a smart lockbox still doesn't verify who receives the code. Pair it with identity verification upstream of the code to close that gap.
What's the difference between a smart lockbox and a regular lockbox?
A regular lockbox uses one static code with no record of who entered; a smart lockbox adds single-use codes and a per-entry audit log. Neither checks the identity of the person receiving the code.
Can someone steal a code from a lockbox?
A static code can be shared, photographed, or forwarded and reused indefinitely; single-use codes reduce that risk significantly. The bigger vulnerability is a code issued to a fake identity in the first place — a problem no lockbox tier solves on its own.
How big a problem are rental scams really?
The FTC logged approximately 65,000 rental scam reports and roughly $65 million in losses from 2020 through mid-2025, with a $1,000 median loss per victim (FTC Consumer Sentinel Network, 2025 — ftc.gov). About half of those recent reports involved a fake listing on social media.
What is ID-verified showing access?
Access where the prospect confirms identity with a government-issued ID and a selfie match before any access code is issued — so the lock only opens for a person you can actually account for.
Do I have to stop self-showings to avoid scammers?
No — turning off self-tours costs you leads without fixing the underlying problem. ID-gated access keeps self-showings running while closing the identity gap that scammers exploit.
Does ID verification slow down prospects?
The verification step happens before the code is issued, typically taking under a minute. And it reassures the honest renters who make up the vast majority of your applicants — 90% of renters report fearing they'll personally become a rental scam victim (industry survey, 2024).
Can I use my existing lockbox with ID-verified access?
Yes. The verification gate sits in front of whatever lockbox is already on the door. The upgrade is who gets the code, not the hardware — you don't need to replace your existing lockboxes to run ID-verified self-showings.
The smart-vs-traditional debate is ultimately a question about identity: answer that, and the hardware choice becomes secondary. Self-showings can stay open, leads keep flowing, and the scam exposure closes — without replacing every box on every door.
Leasing Automation Report
See LetHub on your own PMS and listings
