Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Joel Dubin

What is a "bingo" card authentication system? How does it work and how secure is it?

A bingo card is a wallet-size card that contains a grid of randomly generated rows and columns. When a user logs in using their ID and password, they are prompted for a random cell in the grid. The user then enters the correct combination of numbers and letters in that cell and is granted access.

This is a form of two-factor authentication because it uses two factors: something you have (the card) and something you know (user ID and password). These cards can contain any number of rows and columns, or cells as long as they fit comfortably on it. The general rule is the more cells provided, the more potential combinations, and therefore the more secure the card is.

Bingo cards are attractive because they are cheap, easy to produce and easy to replace. Additionally, unlike smart cards or tokens they do not require a chip or internal mechanism to function. However, these cards do have a drawback. After some time, depending on the number of cells, the combinations can become stale and, just like an old or weak password, eventually can be cracked. A patient attacker could use keystroke logging techniques to sniff out the user's creditionals to figure out the patterns. Once the patterns are pieced together, the combinations will be revealed.

While bingo cards haven't been widely adopted, they are interesting and easy-to-implement two-factor authentication tools. To learn more about them, you can research two products that are currently on the market, Entrust's IdentityGuard and TriCipher's Armored Credential System.

More Information

Visit this Learning Guide to learn more about other authentication options.

Review the strengths and weaknesses of two-factor authentication here.

This was last published in February 2006

Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Dig Deeper on Two-factor and multifactor authentication strategies

user authentication

SIM swap attack (SIM intercept attack)

buzzword bingo

grid authentication

Related Q&A from Joel Dubin

How to use a public key and private key in digital signatures

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

SearchCloudSecurity

Unify on-premises and cloud access control with SDP

Get to know cloud-based identity governance capabilities

6 AIOps security use cases to safeguard the cloud

SearchNetworking

Network capacity planning best practices for return to office

Aruba product integrations advance its SASE strategy

Wi-Fi 6 rollout requires careful review of network devices

SearchCIO

CIO role post-pandemic is 'opportunity of a lifetime'

Hybrid care is healthcare's future

Replacing vs. maintaining legacy systems

SearchEnterpriseDesktop

Apple takes its M1 chip to the iMac, iPad Pro

VMware launches Anywhere Workspace to secure remote workers

Incorporating zero trust into endpoint security

SearchCloudComputing

Elastic vs. AWS highlights open source monetization dilemma

How to calculate cloud migration costs before you move

Evaluate Azure CLI vs. PowerShell for resource management

ComputerWeekly.com

SAP Q1 2021: Revenue nudges up 2% year-on-year, S/4 adoption up 2.5% on prior quarter

Mavenir gains new $500m cash injection as it opens UK O-RAN development centre

Met Office prepares for 1.5 million processor, 60 petaflop supercomputer