Grid authentication is a method of securing user logins by requiring the user to enter values from specific cells in a grid whose content should be only accessible to him and the service provider. Because the grid consists of letters and numbers in rows and columns, the method is sometimes referred to as bingo card authentication.
Typically, the grid is provided to the user on a wallet-size card that contains randomly-generated characters in rows and columns. The user logs in with his user name and password and is then prompted to input the characters from a randomly-selected cell in the grid. If the user enters the correct character sequence, access is granted.
The method is one type of two-factor authentication (2FA) because it requires that the user provide proof of something that they know (the knowledge factor), the user name and password, as well as proof of something that they have (the possession factor) in the form of the grid.
Grid authentication protects against replay attacks because the same characters selected for one login cannot be reused. However, there is no mechanism in place to prevent copying of the entire grid. The method is also vulnerable to an attack method like brute force cracking, in particular if the same grid is used for an extended period of time.