Skip to main content

Grid Cards: Multi-factor authentication without the technical overhead

Nov

01

2022

Time to read

Read so far

Written by: 

Rohan Ramesh

Time to read

Written by: 

blog-post-1000x420-V1

We already know the importance of multi-factor authentication (MFA) to secure access to resources for users in a world where passwords are the single largest attack vector. In a recent study, it was found that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. When we think about MFA, we automatically think about using mobile push notifications, SMS one-time passcodes (OTP), and the like.

But what about situations where you have frontline or field employees who need to access critical resources and systems, but don’t have access to a mobile device, or one is not allowed due to the sensitive nature of the data being accessed? Here are some scenarios where use of mobile devices is not feasible:

  • Outsourced call centers that have employees accessing systems connecting to sensitive data within your organization like customer personally identifiable information (PII).
  • Part-time frontline employees in customer service who need access to critical customer data in order to provide proper customer support.
  • Military field personnel who cannot use electronic forms of authentication due to the possibility of transmissions being intercepted.
  • Mobile emergency workers in emergency situations where it is not convenient or possible to carry mobile devices.

How do you enable MFA for these employees?

One way is the use of physical keys like FIDO keys. However, these can prove to be too costly to support. Keys can be lost or damaged and have to be replaced. When employees quit or new employees join, they need to be wiped and reconfigured.

What are grid cards and how do they work?

Grid cards are an easy-to-use and cost-effective way to provide MFA for users that cannot use mobile devices to log in to the required systems and applications. The grid card is a paper-based card that can be printed from a PDF file and contains a grid of rows and columns consisting of numbers and characters. As part of the MFA process, users are presented with a coordinate challenge and must respond with the information in the corresponding cells from the unique card that they possess.

In the example grid card below, a user is presented with an authentication challenge when trying to log in to a restricted resource such as an application or system and has to provide the information in cell E5. We see that the information in cell E5 is “X7.” The user can enter this information to complete the MFA challenge and gain access to the required resource.

Gridcard

The number of cells and number of characters within each cell is configurable. Cells can be configured to expire after a single use or the challenge mechanism can be configured to use a least-used cell approach to prevent attackers who have may have gained access to previously used cells to correctly respond to the challenge. The overall grid card can also be configured to have an expiry date. When needing to be replaced, these grid cards can easily be generated and provided to employees in the form a of a printable PDF for easy and secure distribution.

With the use of this simple low-tech, low-cost, and secure MFA authenticator, you can support remote field and frontline staff with easy-to-use, strong multi-factor (MFA) authentication. Get the peace of mind of strong MFA without the overhead that comes with supporting it.

Learn more about our industry leading suite of MFA authenticators here:

https://www.entrust.com/digital-security/identity-and-access-management/capabilities/multi-factor-authentication-mfa