Multifactor authentication is not always something complex and expensive. There are a number of implementations of two factor authentication systems that use a list of one-time passwords printed on a piece of paper. In this post, we will review two examples of such systems.
The logic behind is quite simple, both server and client have a list of numbered passwords, and when logging in, the server chooses a password and prompts user to enter it.
One of examples of such a system is Perfect Paper Passwords. GRC's "Perfect Paper Passwords" (PPP) system is a straightforward, simple and secure implementation of a paper-based One Time Password (OTP) system. When used in conjunction with an account name & password, the individual "passcodes" contained on PPP's "passcards" serve as the second factor ("something you have") of a secure multi-factor authentication system.
High security multifactor authentication using a series of single-use "passcodes" does not need to be expensive. In fact, it can be free...
A similar approach is used in e-banking system of AzeriCard. In its implementation, the lists of passwords are being printed out from participant banks ATM machines. As per user instructions published on the website.
To connect to the "Internet Banking" system it is necessary to obtain a list of one-time passwords in any of the information kiosks or ATMs of the Bank. To do this, in the ATM menu, select "Payment", then "Services", then "A list of IB passwords”, and the machine will print out a list similar to the one shown below.
Although, the access to this list is secured with an additional factor of the banking card and its pin code, this can be regarded as another example of paper based strong authentication.
31-01-2019Yet another review of OATH hardware tokens feature in Azure Cloud MFA
22-01-2019Programmable TOTP token in a key fob form-factor
12-01-2019TOKEN2 NFC Burner Windows application
07-01-2019Introducing world's first programmable TOTP tokens with time sync
03-12-2018Token2 TOTP Toolset
14-11-2018New product: OTPC-N1 - OTP Display card
30-10-2018New product: Token2 TC201 hardware token
26-10-2018Token2 C101 token WebUntis compatibility
23-10-2018Microsoft Azure Cloud MFA OATH hardware tokens support (public preview)
27-09-2018Which Token2 hardware token is right for my Azure MFA?
25-09-2018Enable hardware token based two factor authentication for Meraki Dashboard account
23-09-2018Enable hardware token based two factor authentication for your Stripe account