Imagine The Dark Future of CAPTCHA and Multifactor Authentication for the Blind

by

If you’re blind or severely visually impaired, imagine that you wake up one day to find…

  • You compose an e-mail to your sister, only to discover you can’t send it due to a visual CAPTCHA that provides no audio playback or other reasonable accomodation. A telephone number is given for visually impaired users. After waiting on hold for an hour, the person at the other end of the line has no clue how to help you. You consider switching e-mail providers, but you wonder if your bank account balance would support such a decision…

  • You log into your bank’s web site, only to find that a new visual security scheme has been implemented without considering your need for equal access. Since there is no reasonable accomodation for you as a blind person, your username and password are no longer sufficient and you have lost the ability to access something as simple as the balance of your own checking account! Since you do not live with a sighted person, you’re out of luck for a few days until you can find one with whom you trust with your personal bank account. Personal web surfing, for any reason, is not permitted at the office, so a co-worker is not an option.

  • You decide to log into PayPal to check your account balance there, only to find that the PayPal Security Key is now required for all customers! You never got one of those because the numbers it displays are only delivered visually. You assumed it wouldn’t be a requirement, or that accessibility would be considered before that happened. You’re now also locked out of your PayPal account! You give up, get showered, dress and leave for work…

  • At the office, you find yet another nasty surprise. All computers are now equipped with a visual display token for purposes of authentication and heightened security. The token displays a sequence of characters you must enter, in addition to your existing username and password, in order to be granted access to your work computer. Furthermore, due to the high security nature of the job, this process is required once every hour and anytime you leave your desk for breaks, lunch, etc. You suggest asking a supervisor for help with this process until it can be made accessible, but your employer sees fit to go ahead and get rid of you instead. Accomodating your needs would just be too much of an “undue burden”… You’re fired!

  • You return home to begin the process of applying for Social Security, Unemployment and other welfare benefits, only to find that most of the web sites require solving a visual CAPTCHA. You’ll have to go down to these separate offices in person! Getting assistance in person is an absolute nightmare! After waiting in line at Social Security for an hour, the agent says she is too busy to help you due to the need to serve other clients and, anyway, isn’t all this done online nowadays? You’re given a bunch of paperwork to have filled out by some sighted person, one of these days…

  • It takes so long to find competent sighted help that you don’t start receiving any welfare benefits for almost two months! In the meantime, you have lost your house and are now living in a homeless shelter! You can forget about another job, as most employers now require secure visual authentication, and most job related computer applications are virtually totally inaccessible to blind people…

  • Most assistive technology companies have since gone out of business, due to the implementation of visual authentication and the almost total lack of mainstream technology that even approaches any level of functionality with screen readers. Only a single company remains, delivering a screen reader to the few remaining blind government employees who retain their jobs by a thread. The Federal government is dying to be granted the ability to use the same visual authentication scheme as that employed in the private sector, if only they could successfully get Sections 504 and 508 of the Federal Rehabilitation Act repealed. There are national security reasons for doing this which clearly trump the needs of a few blind people. Congress and the President are in negotiations to make that happen any day now…

We should be afraid, be very afraid, of the clear and present danger posed by inaccessible CAPTCHA, visual only multifactor authentication schemes and other technologies that do not reasonably accomodate our needs. Our fear should not result in our cowering in a corner waiting for it to happen. Instead, we must become angry enough to start really doing something about it! Anger is not always a bad emotion. It is often a response to injustice, which we can choose to channel into taking positive action. As a blind community, are we up to the challenge of absolutely insisting that our need for equal accessibility be reasonably accomodated? As a blind individual, what actions will you take right now and later to ensure a brighter, more accessible future for you and your blind brothers and sisters? Don’t choose to remain in the dark one more second! Please feel free to take our poll on accessibility and provide your feedback by way of posting a comment to this article.

Alternate ACB Radio Interactive Broadband Listening Stream Now Available

by

ACB Radio Interactive listeners now have an alternate listening option, thanks to additional streaming bandwidth provided by Paul Merrell. Please feel free to utilize this option at any time in cases where you experience any breakup, buffering or outage of the primary broadband stream.

Once again, we at ACB Radio thank Paul for his generous donation!

Opportunity to Participate in New Web Accessibility Evaluation Project

by

The University of York in the United Kingdom, along with a consortium of other organizations, is embarking on a project to evaluate the web accessibility needs of people with disabilities. Let’s all visit Amfortas – Test Case Evaluation Framework and provide our expertise and insight to this potentially valuable effort. It appears there may be an opportunity to earn some compensation in exchange for time and energy spent conducting the requested testing. Even better; I’m signing up now!

PhoneFactor: A Potential Answer to Accessible Two-Factor Authentication

by

Once again, we learn that authentication based on sight alone is not the only game in town. A company called PhoneFactor delivers a two-factor authentication scheme in which the second piece of authentication material is literally your telephone. In simple terms, here’s how it works:

  1. Supply your traditional username and password as prompted.

  2. Your telephone rings.

  3. Press the pound sign!

  4. That’s all there is to it!

The potential of this solution to deliver security while ensuring accessibility for people with disabilities simply can’t be ignored!

PayPal Security Key: Do Blind People Deserve the Same Level of Security as the Sighted?

by

Recently, PayPal began offering account holders the ability to use a Security Key as an additional means of protection. The Security Key is a small piece of hardware that connects to the computer’s USB port and displays a sequence of numbers that change every 30 seconds. Once the key is activated, users must supply these numbers in addition to their typical PayPal username and password in order to be granted access. No accessible version of the PayPal Security Key is offered at this time. Though the Security Key is not required, there are a couple of significant concerns.

At this time, use of the Security Key is not required in order to continue using PayPal. One may decide to avoid purchasing and activating the Security Key, while still retaining access to their account. This may seem to represent a mitigating factor, except for one dirty little truth. The availability of the Security Key to only sighted PayPal customers automatically means that blind and visually impaired customers are not afforded the same degree of security! That’s right. While the sighted may now enjoy two-factor, virtually unbreakable authentication, we blind folks are stuck with the traditional username and password approach. This inherently makes the blind more vulnerable to fraud, identity theft, loss of PayPal funds and all manner of other imaginable nastiness. Alas, that’s not all!

While the Security Key is currently an optional enhancement, we can see the day in the near future when PayPal will begin requiring use of this authentication method for all account holders. At that time, blind and visually impaired people will be completely locked out of their PayPal accounts, unless an accessible version of the Security Key is made available. When that happens, PayPal will be giving its blind customers the boot, showing them the tightly barred and locked door featuring the infamous “No Blind People Allowed” sign.

Multifactor authentication is not new to PayPal. It is rapidly extending to the web sites of many banks and other financial institutions. It is absolutely critical that we, as a blind community, begin to effectively address issues of visual CAPTCHA and multifactor authentication before we find ourselves locked out of online participation and even separated from our money! Let’s act now with respect to PayPal! We urge all of you to ask PayPal for information about their intentions toward blind and visually impaired customers with respect to the Security Key. Please post any responses from PayPal as comments to this article.

New Travel Web Site Provides Information Focused on Accessibility for People with Disabilities

by

Tamas Babinszki reports that he has built a new travel oriented web site that provides information about various points of interest, including hotels, museums and restaurants, from the accessibility perspective of people with disabilities. The CLUEniversal site is organized into a database of clues (Convenient Locations for Universal Enjoyment) contributed directly by users who have firsthand experience visiting the points of interest featured on the site.

Mr. Babinszki writes the following concerning his new project:

I travel quite a bit, and often times I find it very frustrating that when I have a couple of hours between meetings and I plan any activities, I am greatly disappointed, because the sites I visit are not accessible, and I waste the little time I have instead of having done something more interesting. However, you don’t know this until you visit the sites. I could review other sites for user recommendations, but in most of the cases it does not provide enough information for me from the accessibility point of view. For example, a museum can be wonderful, but I would like to know if there is something to touch there or things are behind glass. I would rather pick a less interesting or less famous museum when I know that they have hands-on objects. Also, I’d rather pick a guided tour with many long stops where I have an opportunity to experience the sights, as opposed to a long bus tour where all I have is the tour guide’s explanation, if any.

Therefore, I put together CLUEniversal, a site where people can enter locations, similar to other travel sites. This site, however, is different, because when people enter a new location, they can answer numerous questions about the accessibility of a place. If a restaurant has a Braille menu, if a museum has a guided tour, if the hotel has airport transportation, etc. This way people with disabilities would have a greater chance to find locations which they would enjoy visiting. 

This site, however, is not built for people with disabilities only. It is primarily designed for all, this is what I stand for, this is what CLUE’s mean. CLUEniversal: Convenient Locations for Universal Enjoyment.

People can choose which questions they do or do not want to answer. Also, once a location (CLUE) is entered, visitors have an option to provide general, and accessibility related ratings and comments. 

This site is totally free. I believe people should have access to such information free of charge. It is, however, optional to register, I would like to provide incentives for people who contribute the most to the database, which requires an e-mail address and a user name, and only the user name is publicly available. 

The site is a Beta version. While I have most of the concepts worked out, the database only contains a few items. Also, more categories will be added, together with more questions in order to determine the enjoyment and accessibility level of a location. 

As of now, I’m looking for people who are willing to test the site, provide more locations and offer suggestions on how to make this site a more useful experience for them. 

This new site is in the early beta stage. It holds tremendous potential to make travel much more enjoyable for those of us whom happen to be blind or visually impaired. Let’s all give him a hand by adding the points of interest we visit on a regular basis.

EdSharp 1.2 released

by

http://www.EmpowermentZone.com/edsetup.exe

Version 1.2
Released August 18, 2007

Fixed the default EdSharp.ini overwriting the Import and Export sections of
the user's EdSharp.ini configuration file. Fixed commands such as Quote
(Control+Q) producing an error if no text was at the cursor position
(because the document was empty or the cursor was at the end).

Added support for enhanced speech messages when using the System Access
screen reader from
http://serotek.com

Enhanced Find and Replace commands (Control+F, Control+Shift+F, and
Control+R). The Text you enter in Find or Replace dialogs may now include
tokens that represent nonprinting characters. This syntax is available for
strings in the C programming language and its variations. Common tokens are
a pair of characters consisting of a backslash and letter, such as the
following: \r for carriage return (ASCI 13), \n for line feed (ASCII 10),
\t for tab (ASCII 9), and \f for form feed (ASCII 12). Such tokens allow
you to search for text, say, at the beginning or end of a line (use \n for a
line break in EdSharp).

The trade off for this flexibility is that backslash and quote characters
must be preceded by a backslash when intended literally (not part of a
token), i.e., \\ for backslash and \" for quote. Since this doubling of
characters may be cumbersome with search terms such as a file path, however,
EdSharp supports use of an initial @ character to indicate that the
following characters should be interpreted literally rather than as possible
tokens. For example, if searching for a file in the document, you could
enter the term
@c:\temp\temp.txt
rather than c:\\temp\\temp.txt
If you need to search for an interpreted string that begins with the @
character, precede it with a backslash, e.g.,
\@\c:\\temp\\temp.txt

The Open Other Format command (Control+Shift+O) now shows the command line
attempted by a custom converter if it failed to produce text. Added several
converters distributed with EdSharp. External converters are stored in the
Convert subfolder of the EdSharp program folder, e.g., in (default
installation):\Program Files\EdSharp\Convert

Besides the pdf converter mentioned previously, the default EdSharp.ini
configuration file (in the EdSharp program folder) now includes the
following conversions. GetText.exe is configured for importing from Windows
Help (.hlp) and Microsoft Word (.doc) — thereby eliminating the need to
load Word for this purpose. chm2txt imports Compiled HTML Help (.chm).
htm2md.exe imports from HTML and variations (.htm, .html, and .xhtml) to a
text format called Markdown — explained at
http://en.wikipedia.org/wiki/Markdown
md2htm.exe does the reverse, exporting from Markdown to HTML. EdSharp
supports Markdown as an aid to developing web pages.

Jamal