This is a form of two-factor authentication because it uses two factors: something you have (the card) and something you know (user ID and password). These cards can contain any number of rows and columns, or cells as long as they fit comfortably on it. The general rule is the more cells provided, the more potential combinations, and therefore the more secure the card is.
Bingo cards are attractive because they are cheap, easy to produce and easy to replace. Additionally, unlike smart cards or tokens they do not require a chip or internal mechanism to function. However, these cards do have a drawback. After some time, depending on the number of cells, the combinations can become stale and, just like an old or weak password, eventually can be cracked. A patient attacker could use keystroke logging techniques to sniff out the user's creditionals to figure out the patterns. Once the patterns are pieced together, the combinations will be revealed.
While bingo cards haven't been widely adopted, they are interesting and easy-to-implement two-factor authentication tools. To learn more about them, you can research two products that are currently on the market, Entrust's IdentityGuard and TriCipher's Armored Credential System.
Dig Deeper on Two-factor and multifactor authentication strategies
Related Q&A from Joel Dubin
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures ... Continue Reading
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading