Shoulder surfing is when an attacker watches a user enter a password or pin number. As a key punch door only requires a pin number which means anyone with the pin number has access and is susceptible to shoulder surfing. By replacing the key punch with a proximity reader shoulder surfing is not an issue as the proximity reader will require the attacker to also have a physical token to gain access. Tailgating is when an attacker enters an open door before it closes (after an authorized user opens). This can only be mitigated by user training and man traps.
In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder, either from keystrokes on a device or sensitive information being spoken and heard, also known as eavesdropping