Hi Tony, I believe the technical name for this security feature is CAPTCHA's These guys claim to be able to generate a voice output enabled CAPTCHA , but I have not checked it out. http://captchas.net/ Also have a look at these for more info: http://www.accessiblecontent.com/online/v2n1/index.php?view=captcha http://www.access-matters.com/2005/05/22/quiz-115-did-a-captcha-catch-ya/ http://www.voiceofthenationsblind.org/articles/192/google-struggles-with-acc essibility-as-services-expand Hope this is some help. Tim -----Original Message----- From: vicsireland-bounce@xxxxxxxxxxxxx [mailto:vicsireland-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Murray Sent: 28 April 2006 12:29 To: VICS Subject: [vicsireland] Website Authentication Hi VICS Members, I'm looking for opinions on an issue regarding website authentication. There is probably a legal directive, or recommendation somewhere stating the rules about this, so if anyone knows that please enlighten me too. User's opinions are most important though, so everyone who has a view on it... Chime in! At the moment, many companies are concerned with online security. Phishing attacks (http://www.webopedia.com/TERM/p/phishing.html) and the like, are causing shock waves in the online world, so beefing up security is a major concern for many. A common way of deterring would-be attackers or fraudsters is to present an image of some text on the screen. A user wishing to access a site, or sign up for a service, is required to enter the text they see in to a field. The visually impaired user is offered a button to click, which provides audio output via the speakers. This often distorted output relays the text displayed in the image to the user, so they too can access the site (in theory). According to online service providers, this is the 'accessible' solution to the problem of not being able to see the image. Is this solution recognised, both legally and from the majority of user's perspectives, as 'the way to go'? How do you guys find it? Does it always work for you? If you think this solution is terrible, and unreasonable, can you suggest something else equally as secure? What anti-fraud feature can you think of would match this method of locking down websites against attackers? The object of the security measure is to force 'real' user interaction with the website or application. It is possible to write small programs which can try and access sites, by inserting multiple usernames, combinations of potential personal access codes and passwords etc. Forced 'real' user interaction is the way around this. At the moment, there are some things software just can't do! Typing in specific alphanumeric characters, displayed in a .JPG or .GIF file on the screen seems to be one. Interpreting distorted audio seems to be another. If these methods aren't accessible, what are? I look forward to hearing any opinions or suggestions. Cheers, Tony **************************************************************************** **** This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. This email has been scanned by an external Email Security System. Allied Irish Banks **************************************************************************** ****