I keep forgetting I need to disclose a vulnerability to all physical key manufacturers. Essentially, it's possible to bypass the 'do not duplicate' message stamped into certain keys by taking them to a hardware store and asking a person who works there to duplicate them.