Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Joel Dubin

What is a "bingo" card authentication system? How does it work and how secure is it?

A bingo card is a wallet-size card that contains a grid of randomly generated rows and columns. When a user logs in using their ID and password, they are prompted for a random cell in the grid. The user then enters the correct combination of numbers and letters in that cell and is granted access.

This is a form of two-factor authentication because it uses two factors: something you have (the card) and something you know (user ID and password). These cards can contain any number of rows and columns, or cells as long as they fit comfortably on it. The general rule is the more cells provided, the more potential combinations, and therefore the more secure the card is.

Bingo cards are attractive because they are cheap, easy to produce and easy to replace. Additionally, unlike smart cards or tokens they do not require a chip or internal mechanism to function. However, these cards do have a drawback. After some time, depending on the number of cells, the combinations can become stale and, just like an old or weak password, eventually can be cracked. A patient attacker could use keystroke logging techniques to sniff out the user's creditionals to figure out the patterns. Once the patterns are pieced together, the combinations will be revealed.

While bingo cards haven't been widely adopted, they are interesting and easy-to-implement two-factor authentication tools. To learn more about them, you can research two products that are currently on the market, Entrust's IdentityGuard and TriCipher's Armored Credential System.

More Information

Visit this Learning Guide to learn more about other authentication options.

Review the strengths and weaknesses of two-factor authentication here.

This was last published in February 2006

Bingo card authentication systems

In this Ask the Expert Q&A, our identity and access management expert explains what a "bingo" card authentication system is, how it works and how secure it is.

Dig Deeper on Two-factor and multifactor authentication strategies

SIM swap attack (SIM intercept attack)

buzzword bingo

grid authentication

user authentication

Related Q&A from Joel Dubin

How to use a public key and private key in digital signatures

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

SearchCloudSecurity

Cloud computing forensics techniques for evidence acquisition

5 PaaS security best practices to safeguard the application layer

Private vs. public cloud security: Benefits and drawbacks

SearchNetworking

SolarWinds: Lessons learned for network management, monitoring

7 key SD-WAN trends to evaluate in 2021

10 network security tips in response to the SolarWinds hack

SearchCIO

What CIOs need to know about the future of hyperautomation

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

SearchEnterpriseDesktop

Otter.ai helps Google Meet stay competitive

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

SearchCloudComputing

CS degrees vs. cloud certifications: Compare the pros and cons

Cloud infrastructure automation: When and where to use it

IBM acquisition spree targets hybrid cloud consulting market

ComputerWeekly.com

Virtualisation, automation and network slicing increasing operators’ focus

The ransomware routine: pages from the Secret IR Insider’s diary

Kao Data signs AI-focused life sciences startup InstaDeep as a customer