Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Joel Dubin

What is a "bingo" card authentication system? How does it work and how secure is it?

A bingo card is a wallet-size card that contains a grid of randomly generated rows and columns. When a user logs in using their ID and password, they are prompted for a random cell in the grid. The user then enters the correct combination of numbers and letters in that cell and is granted access.

This is a form of two-factor authentication because it uses two factors: something you have (the card) and something you know (user ID and password). These cards can contain any number of rows and columns, or cells as long as they fit comfortably on it. The general rule is the more cells provided, the more potential combinations, and therefore the more secure the card is.

Bingo cards are attractive because they are cheap, easy to produce and easy to replace. Additionally, unlike smart cards or tokens they do not require a chip or internal mechanism to function. However, these cards do have a drawback. After some time, depending on the number of cells, the combinations can become stale and, just like an old or weak password, eventually can be cracked. A patient attacker could use keystroke logging techniques to sniff out the user's creditionals to figure out the patterns. Once the patterns are pieced together, the combinations will be revealed.

While bingo cards haven't been widely adopted, they are interesting and easy-to-implement two-factor authentication tools. To learn more about them, you can research two products that are currently on the market, Entrust's IdentityGuard and TriCipher's Armored Credential System.

More Information

Visit this Learning Guide to learn more about other authentication options.

Review the strengths and weaknesses of two-factor authentication here.

This was last published in February 2006

Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Dig Deeper on Two-factor and multifactor authentication strategies

SIM swap attack (SIM intercept attack)

buzzword bingo

grid authentication

user authentication

Related Q&A from Joel Dubin

How to use a public key and private key in digital signatures

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Cloud security quiz: Application security best practices

The importance of security, data encryption for cloud

Cloud workload protection platform security benefits, features

SearchNetworking

Compare 3 DDoS mitigation strategies for enterprise networks

T-Mobile 5G progresses, Samsung intros 5G tablets

Discover 8 network diagramming tools aimed at architects

SearchCIO

Top 10 causes of RPA failures and how to avoid them

The contradiction of post COVID-19 risk management

How to hire a data scientist with AI skills during pandemic

SearchEnterpriseDesktop

Using Task Manager to monitor memory usage in Windows 10

Microsoft puts Universal Print in preview

How to fix a Windows 10 boot loop

SearchCloudComputing

10 cloud computing experts you should follow

Use this Amazon Cognito review to assess authentication tools

10 cloud computing myths debunked

ComputerWeekly.com

Citrix users urged to patch five XenMobile CVEs

PCCW Global and Sure Universal team up for home-based medical IoT

DAG Wireless unveils 4G/5G infrastructure for in-flight connectivity