{"id":4438,"date":"2026-02-10T17:22:53","date_gmt":"2026-02-10T22:22:53","guid":{"rendered":"https:\/\/www.yorku.ca\/professor\/drsmith\/?p=4438"},"modified":"2026-02-10T17:22:53","modified_gmt":"2026-02-10T22:22:53","slug":"computer-security-one-time-codes","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/professor\/drsmith\/2026\/02\/10\/computer-security-one-time-codes\/","title":{"rendered":"Computer Security: One Time Codes"},"content":{"rendered":"\n

When I lived in Germany in 2006-8 I had a bank account with Deutsche Bank. To log in securely to my account they printed out a piece of paper with a table in it. The table contained \"one time codes\". No devices needed. No apps. Just a piece of paper that I could put in my wallet.<\/p>\n\n\n\n

It's 2026 and I just logged into the CRA website. It needs multi-factor authentication<\/a>. I get that. One option is to download yet another app for my phone. Another option? \"Passcode grid\": one time codes saved to a PDF that I can print out.<\/p>\n\n\n\n

\"screen
screen capture from the CRA website that shows an example of a set of one-time codes.<\/figcaption><\/figure>\n\n\n\n

Here at YorkU we've been told that SMS-based two-factor authentication is not good enough. Well, it is for the CRA and for my bank. Plus, now we have another layer... one time codes on a piece of paper or PDF.<\/p>\n\n\n\n

Hmmm... one time codes ... if it was good enough for Deutsche Bank and it's good enough for the CRA then maybe it's good enough for my employer. Multi-factor security without apps. It's possible. Why aren't we using an option like this?<\/p>\n\n\n\n

\n\n\n
\n
\"a<\/figure><\/div>\n\n\n

James Andrew Smith is a Professional Engineer and Associate Professor in the Electrical Engineering and Computer Science Department<\/a> of York University\u2019s Lassonde School<\/a>, with degrees in Electrical and Mechanical Engineering from the University of Alberta and McGill University.  Previously a program director in biomedical engineering, his research background spans robotics, locomotion, human birth, music and engineering education. While on sabbatical in 2018-19 with his wife and kids he lived in Strasbourg, France and he taught at the INSA Strasbourg<\/a> and Hochschule Karlsruhe<\/a> and wrote about his personal<\/a> and professional <\/a>perspectives<\/a>.  James is a proponent of using social media to advocate for justice, equity, diversity and inclusion as well as evidence-based applications of research in the public sphere. You can find him on Twitter.  <\/s>You can find him on BlueSky<\/a>. Originally from Qu\u00e9bec City, he now lives in Toronto, Canada. <\/p>\n","protected":false},"excerpt":{"rendered":"

When I lived in Germany in 2006-8 I had a bank account with Deutsche Bank. To log in securely to my account they printed out a piece of paper with a table in it. The table contained \"one time codes\". No devices needed. No apps. Just a piece of paper that I could put in […]<\/p>\n","protected":false},"author":762,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"categories":[705,51,53],"tags":[830,552,945,943,867,944,750],"class_list":["post-4438","post","type-post","status-publish","format-standard","hentry","category-computers","category-lms","category-moodle","tag-authentication","tag-computer-security","tag-multifactor-authentication","tag-password","tag-security","tag-two-factor-authentication","tag-uit"],"taxonomy_info":{"category":[{"value":705,"label":"computers"},{"value":51,"label":"lms"},{"value":53,"label":"Moodle"}],"post_tag":[{"value":830,"label":"authentication"},{"value":552,"label":"computer security"},{"value":945,"label":"multifactor authentication"},{"value":943,"label":"password"},{"value":867,"label":"security"},{"value":944,"label":"two factor authentication"},{"value":750,"label":"uit"}]},"featured_image_src_large":false,"author_info":{"display_name":"drsmith","author_link":"https:\/\/www.yorku.ca\/professor\/drsmith\/author\/drsmith\/"},"comment_info":"","category_info":[{"term_id":705,"name":"computers","slug":"computers","term_group":0,"term_taxonomy_id":705,"taxonomy":"category","description":"","parent":0,"count":4,"filter":"raw","cat_ID":705,"category_count":4,"category_description":"","cat_name":"computers","category_nicename":"computers","category_parent":0},{"term_id":51,"name":"lms","slug":"lms","term_group":0,"term_taxonomy_id":51,"taxonomy":"category","description":"","parent":0,"count":23,"filter":"raw","cat_ID":51,"category_count":23,"category_description":"","cat_name":"lms","category_nicename":"lms","category_parent":0},{"term_id":53,"name":"Moodle","slug":"moodle","term_group":0,"term_taxonomy_id":53,"taxonomy":"category","description":"","parent":0,"count":27,"filter":"raw","cat_ID":53,"category_count":27,"category_description":"","cat_name":"Moodle","category_nicename":"moodle","category_parent":0}],"tag_info":[{"term_id":830,"name":"authentication","slug":"authentication","term_group":0,"term_taxonomy_id":830,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":552,"name":"computer security","slug":"computer-security","term_group":0,"term_taxonomy_id":552,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":945,"name":"multifactor authentication","slug":"multifactor-authentication","term_group":0,"term_taxonomy_id":945,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":943,"name":"password","slug":"password","term_group":0,"term_taxonomy_id":943,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":867,"name":"security","slug":"security","term_group":0,"term_taxonomy_id":867,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":944,"name":"two factor authentication","slug":"two-factor-authentication","term_group":0,"term_taxonomy_id":944,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":750,"name":"uit","slug":"uit","term_group":0,"term_taxonomy_id":750,"taxonomy":"post_tag","description":"","parent":0,"count":3,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/posts\/4438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/users\/762"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/comments?post=4438"}],"version-history":[{"count":2,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/posts\/4438\/revisions"}],"predecessor-version":[{"id":4441,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/posts\/4438\/revisions\/4441"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/media?parent=4438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/categories?post=4438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/professor\/drsmith\/wp-json\/wp\/v2\/tags?post=4438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}