[access-uk] Re: A verification graphic solution perhaps?
- From: "Ray's Home" <rays-home@xxxxxxxxxxxxxxxxxx>
- To: <access-uk@xxxxxxxxxxxxx>
- Date: Wed, 1 Mar 2006 09:56:35 -0000
Re. screen reader validation, this is an idea that has been floated on the
Window-Eyes discussion list, especially regarding PDf files and security
settings. Although some WE users have tended to be luke warm about it, I
wouldn't be surprised if Doug at GW doesn't come up with something like this
seeing as GW's approach is more on the side of working with software vendors to
solve problems like this.
I will not claim to know the ins and outs of this business of signing up on
sites and the exact 'why' of graphical means to secure
identification/authentication, but even PayPal has to resort to a phone call,
albeit an automated one, to activate an account as 'verified'. You can be
caught out by that one if you have anonymous call barring in operation. Still,
my point is, what is so very wrong with the phone as part of a security system?
Genuinely asking, not making a point as such.
Ray
Personal emails: Email me at
mailto:ray-48@xxxxxxxx
----- Original Message -----
From: "James O'Dell" <jamesodell@xxxxxxxxxxxx>fication graphic solution perhaps?
| Maybe, and I think the questions would probably have to be dynamically
| updated every day or so by site administrators, rather than lying in a
| database somewhere , because that approach wouldn't take bot designers very
| long to get around. I do like the idea of a Screen Reader Validation
| module, not least because it would make it far easier for us to access sites
| and content written in other languages (paypal Spain, for example, does not
| have the audio version of the visual verification). The only problem I can
| see with this approach is that a major spammer might well be prepared to
| spend $1000 on a screen reader, or even $100 on something like Freedom Box,
| if it gives them apparently legitimate access to Hotmail, Yahoo, Pay Pal,
| political votes and discussion boards etc. The only way round this I can
| see would be for the SRVM to submit information about the user e.g. name and
| serial number back to the Screen Reader manufacturer each time it was
| accessed, and I wonder how popular that would be.
|
| James
| ----- Original Message -----
| From: "Barry" <bbinc@xxxxxxxxxxxxx>
| To: <access-uk@xxxxxxxxxxxxx>
| Sent: Tuesday, February 28, 2006 5:33 PM
| Subject: [access-uk] Re: A verification graphic solution perhaps?
|
|
| >I like the idea of a question. It could be so simple that anyone could
| > answer it, such as "Is the queen male or female", "Is water a gas, solid
| > or
| > liquid" and "How many legs does the average person have"? If the answer is
| > different every time, but still very simple , it would be difficult for
| > the
| > average geek to set a robot to answer it. However, the sound files used
| > to
| > register a person in place of graphics are encrypted so that they are
| > still
| > quite good - voice recognition software cannot recognise them.
| >
| > Barry
| >
| > ----- Original Message -----
| > From: <access-uk@xxxxxxxxxxxxx>
| > To: <access-uk@xxxxxxxxxxxxx>
| > Sent: Tuesday, February 28, 2006 2:25 PM
| > Subject: [access-uk] A verification graphic solution perhaps?
| >
| >
| > HI all,
| >
| > I just drafted what I I hope will be a thought provoking email about
| > registration verification graphics for an internal accessibility list
| > here at work. The BBC are seeking new solutions to the problem and
| > currently have the idea to provide an 0800 support number alongside the
| > website.
| >
| > The following are some ideas I had on a possible web based solution, Be
| > good to get feedback off it. Good idea or bad idea?
| >
| > This whole problem is about Verification graphics. Visually impaired
| > people either can't decipher the complexity because of low vision or
| > just can't read a graphic at all if they have no sight. Screenreaders,
| > obviously, can't read graphics.
| >
| > Follow my train of thought here ...
| >
| > If screenreaders COULD read the verification graphics, then so could any
| > bit of software cobbled together by a script kiddie. In fact, that's why
| > the graphics work so well for sighted users ... and indeed why they work
| > so badly for visually impaired ones. If it were readable in any way,
| > then scripters could setup mail accounts, swing votes, etc en masse. An
| > issue for spamming and integrity of many online services.
| >
| > Other solutions in the past, such as the one used by Hotmail, have
| > involved speech. A sound file with a word in it is generated. Speech
| > recognition software exists, however, thought though I'm sure this is a
| > pretty good solution with more thought.
| >
| > So, we're looking at something that isn't an alphanumeric ascii
| > solution.
| >
| > The verification graphics are fancily written words so that even the
| > best OCR software can't read it. It relies on your brain to decipher
| > things too complex for computers.
| >
| > So, why not another solution that is too complex for computers to easily
| > crack.
| >
| > What if the web user was given an alternative verification ... i.e.
| > given the verification graphic and also a riddle or quiz?
| >
| > E.g. 1: "Work out the answer to the following and tap it into the edit
| > field below"
| >
| > E.g. 2: "What is the next number in this sequence?"
| >
| > E.g. 4: "What is the capital of China?"
| >
| > E.g. 3: "the cat sat on the --- .... Fill in the blank word"
| >
| > This approach is one a computer program can't easily replicate. It asks
| > the user to use their brain to answer a question.
| >
| > Any thoughts appreciated. Any flaws in my plan most welcome. Better more
| > appropriate examples also welcome.
| >
| > ...Damon
| >
|
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
