[vicsireland] Re: Website Authentication
- From: "Tim Culhane" <tim.culhane@xxxxxxxxxxxxxxxx>
- To: <vicsireland@xxxxxxxxxxxxx>
- Date: Tue, 2 May 2006 08:36:14 +0100
Hi Tony,
I believe the technical name for this security feature is CAPTCHA's
These guys claim to be able to generate a voice output enabled CAPTCHA , but
I have not checked it out.
http://captchas.net/
Also have a look at these for more info:
http://www.accessiblecontent.com/online/v2n1/index.php?view=captcha
http://www.access-matters.com/2005/05/22/quiz-115-did-a-captcha-catch-ya/
http://www.voiceofthenationsblind.org/articles/192/google-struggles-with-acc
essibility-as-services-expand
Hope this is some help.
Tim
-----Original Message-----
From: vicsireland-bounce@xxxxxxxxxxxxx
[mailto:vicsireland-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Murray
Sent: 28 April 2006 12:29
To: VICS
Subject: [vicsireland] Website Authentication
Hi VICS Members,
I'm looking for opinions on an issue regarding website authentication. There
is probably a legal directive, or recommendation somewhere stating the rules
about this, so if anyone knows that please enlighten me too. User's
opinions are most important though, so everyone who has a view on it...
Chime in!
At the moment, many companies are concerned with online security. Phishing
attacks (http://www.webopedia.com/TERM/p/phishing.html) and the like, are
causing shock waves in the online world, so beefing up security is a major
concern for many.
A common way of deterring would-be attackers or fraudsters is to present an
image of some text on the screen. A user wishing to access a site, or sign
up for a service, is required to enter the text they see in to a field. The
visually impaired user is offered a button to click, which provides audio
output via the speakers. This often distorted output relays the text
displayed in the image to the user, so they too can access the site (in
theory). According to online service providers, this is the 'accessible'
solution to the problem of not being able to see the image.
Is this solution recognised, both legally and from the majority of user's
perspectives, as 'the way to go'? How do you guys find it? Does it always
work for you?
If you think this solution is terrible, and unreasonable, can you suggest
something else equally as secure? What anti-fraud feature can you think of
would match this method of locking down websites against attackers?
The object of the security measure is to force 'real' user interaction with
the website or application. It is possible to write small programs which
can try and access sites, by inserting multiple usernames, combinations of
potential personal access codes and passwords etc. Forced 'real' user
interaction is the way around this. At the moment, there are some things
software just can't do! Typing in specific alphanumeric characters,
displayed in a .JPG or .GIF file on the screen seems to be one. Interpreting
distorted audio seems to be another. If these methods aren't accessible,
what are?
I look forward to hearing any opinions or suggestions.
Cheers,
Tony
****************************************************************************
****
This document is strictly confidential and is intended for use by the
addressee unless otherwise indicated.
This email has been scanned by an external Email Security System.
Allied Irish Banks
****************************************************************************
****
Other related posts: