When I lived in Germany in 2006-8 I had a bank account with Deutsche Bank. To log in securely to my account they printed out a piece of paper with a table in it. The table contained "one time codes". No devices needed. No apps. Just a piece of paper that I could put in my wallet.
It's 2026 and I just logged into the CRA website. It needs multi-factor authentication. I get that. One option is to download yet another app for my phone. Another option? "Passcode grid": one time codes saved to a PDF that I can print out.
Here at YorkU we've been told that SMS-based two-factor authentication is not good enough. Well, it is for the CRA and for my bank. Plus, now we have another layer... one time codes on a piece of paper or PDF.
Hmmm... one time codes ... if it was good enough for Deutsche Bank and it's good enough for the CRA then maybe it's good enough for my employer. Multi-factor security without apps. It's possible. Why aren't we using an option like this?
James Andrew Smith is a Professional Engineer and Associate Professor in the Electrical Engineering and Computer Science Department of York University’s Lassonde School, with degrees in Electrical and Mechanical Engineering from the University of Alberta and McGill University. Previously a program director in biomedical engineering, his research background spans robotics, locomotion, human birth, music and engineering education. While on sabbatical in 2018-19 with his wife and kids he lived in Strasbourg, France and he taught at the INSA Strasbourg and Hochschule Karlsruhe and wrote about his personal and professional perspectives. James is a proponent of using social media to advocate for justice, equity, diversity and inclusion as well as evidence-based applications of research in the public sphere. You can find him on Twitter. You can find him on BlueSky. Originally from Québec City, he now lives in Toronto, Canada.