Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Joel Dubin

What is a "bingo" card authentication system? How does it work and how secure is it?

A bingo card is a wallet-size card that contains a grid of randomly generated rows and columns. When a user logs in using their ID and password, they are prompted for a random cell in the grid. The user then enters the correct combination of numbers and letters in that cell and is granted access.

This is a form of two-factor authentication because it uses two factors: something you have (the card) and something you know (user ID and password). These cards can contain any number of rows and columns, or cells as long as they fit comfortably on it. The general rule is the more cells provided, the more potential combinations, and therefore the more secure the card is.

Bingo cards are attractive because they are cheap, easy to produce and easy to replace. Additionally, unlike smart cards or tokens they do not require a chip or internal mechanism to function. However, these cards do have a drawback. After some time, depending on the number of cells, the combinations can become stale and, just like an old or weak password, eventually can be cracked. A patient attacker could use keystroke logging techniques to sniff out the user's creditionals to figure out the patterns. Once the patterns are pieced together, the combinations will be revealed.

While bingo cards haven't been widely adopted, they are interesting and easy-to-implement two-factor authentication tools. To learn more about them, you can research two products that are currently on the market, Entrust's IdentityGuard and TriCipher's Armored Credential System.

More Information

Visit this Learning Guide to learn more about other authentication options.

Review the strengths and weaknesses of two-factor authentication here.

This was last published in February 2006

Dig Deeper on Two-factor and multifactor authentication strategies

Related Q&A from Joel Dubin

What's the purpose of CAPTCHA technology and how does it work?

Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading

Single sign-on best practices: How can enterprises get SSO right?

Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading

Options for a mechanical door security system on a server room door

After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Google Cloud's new Secret Manager service augments its cloud security capabilities with an eye toward the needs of DevOps teams.

Microsoft misconfiguration exposed 250M customer service records

Microsoft exposed 250 million customer support records on five Elasticsearch servers that had misconfigured Azure security rules,...

Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset ...

SearchNetworking

Build a source of truth into your network automation strategy

Many network automation approaches rely on a source of truth repository to provide data on network behavior. But building this ...

SD-WAN explained: The ultimate guide to SD-WAN architecture

Evaluating SD-WAN architecture can be confusing, especially as the market grows. This guide helps IT pros learn SD-WAN basics, ...

VMware acquisition of Nyansa combines LAN, WAN analytics

The VMware acquisition of Nyansa is expected to provide network traffic analytics that cover the SD-WAN and the wired and ...

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being ...

What is the state of CIO tenure today?

CIO tenure remains significantly lower than other C-suite positions, and according to experts, it's a result of the age of ...

The evolution of RPA, from macros to process transformation

RPA evolved from technology debuted in the 1950s and '60s and was developed to today's standards by the industry's leading ...

SearchEnterpriseDesktop

Windows 7 sunset gives PC market a boost in 2019

Does the growth of the PC market in 2019 reflect an increased appetite for the devices? Experts discuss the PC's role in the ...

EG Enterprise v7 focuses on usability, user experience monitoring

New features in EG Enterprise v7, set to launch soon, enable simulated and real user monitoring, automated diagnosis and new ...

Managing Windows Defender Device Guard in Windows desktops

IT pros must understand how Windows Defender Device Guard uses a locked-down approach to desktop security and how this method ...

SearchCloudComputing

5 cloud database comparison tips to guide your data strategy

Catch up on these tips that compare the strengths, weakness and available integrations of popular public cloud database and ...

Reduce cloud latency for remote employees and offices

Latency remains an issue for cloud users with remote facilities. See how SD-WAN and satellites can improve network performance ...

AWS multi-account management best practices with Control Tower

With the help of AWS Control Tower, organizations who own and operate multiple cloud accounts can manage them all under one roof ...

ComputerWeekly.com

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s ...

SAP User Group launches Business One Academy

UK and Ireland SAP User Group setst up academy to provide training on SAP Business One, which is only available via resellers and...

Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud

We survey the key options in disaster recovery: whether to failover to an on-site location or off-site facility. We also look at ...

Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Dig Deeper on Two-factor and multifactor authentication strategies

End User Computing Bingo!

SIM swap attack (SIM intercept attack)

buzzword bingo

grid authentication

Related Q&A from Joel Dubin

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

Options for a mechanical door security system on a server room door

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Microsoft misconfiguration exposed 250M customer service records

Lyft's open source asset tracking tool simplifies security

SearchNetworking

Build a source of truth into your network automation strategy

SD-WAN explained: The ultimate guide to SD-WAN architecture

VMware acquisition of Nyansa combines LAN, WAN analytics

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

What is the state of CIO tenure today?

The evolution of RPA, from macros to process transformation

SearchEnterpriseDesktop

Windows 7 sunset gives PC market a boost in 2019

EG Enterprise v7 focuses on usability, user experience monitoring

Managing Windows Defender Device Guard in Windows desktops

SearchCloudComputing

5 cloud database comparison tips to guide your data strategy

Reduce cloud latency for remote employees and offices

AWS multi-account management best practices with Control Tower

ComputerWeekly.com

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

SAP User Group launches Business One Academy

Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud

Dig Deeper on Two-factor and multifactor authentication strategies

End User Computing Bingo!

SIM swap attack (SIM intercept attack)

buzzword bingo

grid authentication

Related Q&A from Joel Dubin

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.