Blind Users and Online Security INSERT PROFESSOR NAME AND CLASS NAME HERE!

Upload: julia-terry

Post on 31-Dec-2015

Why is online security important to blind people?

People who are blind may have trouble with transportation, so they often shop and purchase items online to be delivered to their workplaces or homes

Paper bills in the mail are a hassle for blind users; they greatly prefer to receive and pay all statements and bills online

So online security is VERY IMPORTANT to blind users

Introduction

People with low vision may use screen magnification, but people with no residual vision rely on audio or tactile

Screen reader software (e.g. Window-Eyes or JAWS) costs under $1000 and can be used by anyone with hearing

Refreshable braille displays cost thousands of dollars, and only an estimated 10-20% of blind Americans can read Braille.

Audio output and security

Because of those facts, audio is the primary method of output for blind users, so privacy can be a concern

You don’t want other people to hear your personal information (login, password, credit card number, etc.) when they are passing by

If it’s for an edit field that won’t appear visually (e.g. stars show up when you type in a password), then the data also won’t appear in audio output

Use of headsets by blind users

This poses a problem: you need to hear audio confirmation to ensure that what you are typing is correct, but you don’t want others to hear it

Often, blind users will utilize headsets on their desktop computer or laptop, or use headsets when they want to perform sensitive tasks

This is also true on kiosks and ATMs

Consider ATM machines

Many ATM machines will have different layouts, so blind users aren’t always 100% sure of the input or output; they need verification

Blind users don’t want to share their passwords with anyone else

But audio output could lead to security or privacy breaches (your password and current balance are no one’s business!)

Even ATM machines now have headset jacks so that blind users can have privacy

(Manzke et al. 1998)

Common forms of authentication

Passwords

Security questions

Human interaction proofs

Biometrics

Passwords

Blind users can utilize passwords just like any other users

Because blind users have no trouble typing, it’s unlikely that they would use shorter-than-normal passwords (as people with motor impairments may use)

But password fields need to be non-showing (with asterisks) so that others can’t walk by and see/hear the passwords

Security Questions

Blind users are not expected to have any problems with security questions

Security questions such as:

What was the first school you attended?

What is your favorite sports team?

What city were you born in?

As long as others can’t see/hear the responses, there are no security-related problems

Human interaction proofs

Blind users DO tend to have problems with various forms of human interaction proofs

There is a body of literature on this issue

A human-interaction proof is a tool to determine the difference between a human user and an automated software bot or virus

Human Interaction Proofs (HIP)

The most common type of HIP is known as a CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart)

About HIPs/CAPTCHAs

CAPTCHAs (a type of HIP created at Carnegie-Mellon Univ.) provide text that is distorted (www.recaptcha.net)

The idea is that a human could see through the distortion, but image recognition software (from a bot or virus) could not understand the text

The human user is required to enter the text correctly to move on to the next step of the interface or web site

About HIPs/CAPTCHAs

People without any impairments may have problems with solving visual CAPTCHAs, but blind people cannot solve any visual CAPTCHAs

While the distortion is needed to make the HIP secure, it causes problems for most people, regardless of impairment

Human interaction proofs often become tests of vision quality, NOT who is a human

Audio HIPs

Visual HIPs (such as CAPTCHAs) are inherently inaccessible for blind users

So developers have worked on building audio HIPs

These audio HIPs often include letters and numbers, or words, using computer synthesized speech, with lots of background distortion

The audio HIP is a separate track, a separate tool from a visual HIP

Audio HIPs

Audio HIPs, even though they technically may work for blind users, tend to have low success rates

A large amount of distortion must be added to the audio clips so that automated tools can’t easily identify them

This makes the audio HIPs very hard to solve

Audio HIPs

There are also usability issues in the way that audio HIPs are presented

For instance, while an audio clip is being played, there may be background sounds from the screen reader

Also, the user has to quickly move to the edit box and try and remember all of the letters and numbers that they heard

Audio HIPs typically have only 40-50% success rates among blind users

(Sauer et al., 2009; Bigham et al. 2009)

Audio HIPs

Bigham et al. 2009 found that if you change the way that the audio clip is presented on the screen (e.g. allow the user to start and stop the clip in the middle) but keep the same audio clip, their users’ success rate increased from 42% to 68%

While 68% is an improvement, it’s still not the 90% human success rate that is the goal of human interaction proofs

New approaches to HIPs

The concept of a HIP is important, and needed, and will be needed for a while

Even though HIPs only stop approx. 1/3 of viruses and bots, they will continue to be used

It’s important to create more accessible HIPs that work for users with impairments, especially blind users

HIPUU: A New Approach

A team of researchers at Towson University created HIPUU (Human Interaction Proof, Universally Usable)

HIPUU consists of pairs of non-textual images and sounds

Rather than using distortion, HIPUU uses pictures/sounds that are easy for humans to recognize, but harder for image and speech recognition to recognize

The goal is to build a HIP that all can use

HIPUU: A New Approach

The image/sound combinations include animals, weather, musical instruments, and other sounds

Example: humans are much better than computers at recognizing the many different sounds a dog makes

Humans can choose either the image, the sound clip, or both, and then enter the textual description of the object

Recent version of HIPUU

Users receive different combinations each time

Easier to remember and type in, compared to random text strings

Free-text entry

3 or 4 objects

Spelling errors and synonyms are allowed (using standard InfoSci techniques)
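
Added example, not HIPUU's own code: one way a verifier could accept free-text answers with spelling errors and synonyms, as this slide describes. The synonym table, the choice of Levenshtein edit distance, the per-length typo tolerance and the requirement that answers follow presentation order are all assumptions; every extra accepted spelling also widens what a guessing bot can hit, which is why short labels get no tolerance here.

```python
import re

# Constructed sample data: accepted labels per object (not HIPUU's real word list).
SYNONYMS = {
    "dog": {"dog", "puppy", "hound"},
    "thunder": {"thunder", "thunderstorm", "storm"},
    "piano": {"piano", "keyboard"},
}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def matches(word, target, synonyms=SYNONYMS):
    """True if word is an accepted label for target, allowing small typos."""
    for label in synonyms[target]:
        # Assumed tolerance: none for short labels (one edit turns "dog" into
        # "dig" or "fog"), 1 edit from 5 letters, 2 edits from 8 letters.
        allowed = 0 if len(label) < 5 else 1 if len(label) < 8 else 2
        if edit_distance(word, label) <= allowed:
            return True
    return False

def check_response(response, challenge, synonyms=SYNONYMS):
    """Check free-text input against the challenge objects, in the order shown."""
    words = re.findall(r"[a-z]+", response.lower())
    if len(words) != len(challenge):
        return False
    return all(matches(w, t, synonyms) for w, t in zip(words, challenge))

if __name__ == "__main__":
    challenge = ["dog", "thunder", "piano"]
    print(check_response("puppy, thundr, pianno", challenge))
    print(check_response("dig thunder piano", challenge))
```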

Current research on HIPUU

Both blind and visual users had over 90% success rate

Users reported high levels of satisfaction

The free-text entry was found to be superior to previous research with pull-down menus

The HIPUU interface has also been evaluated for security and robustness

Evaluation still needs to be done with deaf users and users with spinal cord injuries

Biometrics

Biometrics, in general, should work for blind people as well as it works for people with full vision

Fingerprints and voice recognition are no problem; however, the system will need to provide accessible prompts to blind users on what to say, or where to place their finger

Iris/retina scanning: not effective for most blind users, since they may have a glass eye, eyelids unable to open, or there may be deformities or atrophy in the eyes

How do blind users enter private data?

If there are multiple fields that must be entered for authentication (such as login, password, and security question), understand that blind users will be tabbing through those fields, NOT using a mouse (Murphy et al. 2008)

Sometimes, blind users can be unsure if they are entering their data in the correct edit box (Murphy et al. 2008)

Entering private data

Make sure that all form fields are properly labeled and the tabbing order is properly noted (Lazar et al. 2007)

Blind users tend to feel apprehensive about entering credit card data into a web site, since it is often hard to determine whether a site is secure or credible through audio means (Holman et al., 2008; Murphy et al. 2008)
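
Added example, not from the original slides: a small static check that applies the labelling and tab-order advice above to a login form, and also flags unmasked password fields as discussed under Passwords. The sample form, the FormAudit and audit names, and the "pass" name heuristic are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed login form for the example.
SAMPLE = """
<form>
  <label for="user">User name</label> <input id="user" type="text">
  <input id="passwd" type="text" tabindex="1" placeholder="Password">
  <label>Security answer <input name="answer" type="text"></label>
  <input type="submit" value="Log in">
</form>
"""

class FormAudit(HTMLParser):
    """Collects form controls and the ids that <label for=...> points at."""
    def __init__(self):
        super().__init__()
        self.fields, self.label_for, self.in_label = [], set(), 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "label":
            self.in_label += 1
            if a.get("for"):
                self.label_for.add(a["for"])
        elif tag in ("input", "select", "textarea"):
            if a.get("type") not in ("hidden", "submit", "button"):
                a["_wrapped"] = self.in_label > 0  # control sits inside a <label>
                self.fields.append(a)

    def handle_endtag(self, tag):
        if tag == "label" and self.in_label:
            self.in_label -= 1

def audit(html):
    """Return (field, problem) pairs for controls that lack what a screen reader needs."""
    parser, findings = FormAudit(), []
    parser.feed(html)
    for f in parser.fields:
        name = f.get("id") or f.get("name") or "(unnamed)"
        if not (f.get("id") in parser.label_for or f["_wrapped"]
                or f.get("aria-label") or f.get("aria-labelledby")):
            findings.append((name, "no accessible label"))
        tabindex = f.get("tabindex") or "0"
        if tabindex.isdigit() and int(tabindex) > 0:
            findings.append((name, "positive tabindex overrides the document tab order"))
        if "pass" in name.lower() and f.get("type") != "password":
            findings.append((name, "password field is not masked"))
    return findings
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A placeholder attribute is deliberately not counted as a label here, and a clean result from a check like this does not replace testing the form with an actual screen reader.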

Entering private data

In extreme circumstances, when blind users are having trouble understanding the navigation scheme on the web page, they may close the browser and re-launch, to find what they are looking for (Murphy et al. 2008)

While they could ask other humans for help, they don’t want to share private information

Calling a phone number for help is an absolute last resort

Assistive Technology isn’t perfect!

Consider that there are often conflicts between various assistive technologies and operating systems, software applications, and web sites (Harris, 2006)

Screen readers are well-known to have conflicts and crashes (Lazar et al. 2007)

You may need to provide alternate methods for attempting a task

Are login screens the worst part?

Some studies have noted that login screens on online learning software, and on social networking sites, are not accessible for blind users (Meiselwitz and Lazar, 2009)

There is often the argument that, if a login page isn’t accessible, it is meaningless if the rest of the site is, because blind users won’t be able to get to those portions of the web site.

However, an inaccessible login page doesn’t necessarily mean that the entire site is inaccessible.

Anti-virus software

To some extent, blind users are more susceptible to viruses and spyware

As previously mentioned, it’s hard to get a computer setup working 100% properly with assistive technology, so once it’s working properly, people are less likely to upgrade other software components

This means that anti-virus software isn’t always updated, and software patches aren’t always installed (Holman et al., 2008)

Anti-virus software

The truth is that sometimes, the security companies are to blame

There have been multiple reports saying that newer versions of certain anti-virus software are inaccessible, so blind users may not update to newer versions

Also, all of the various features and widgets on a screen, which may provide useful information on credibility or security of a web site, are not always available to screen readers

Software is not always up-to-date

Because all of the same contextual information on a screen isn’t available to blind users, they may download items that they shouldn’t, or not be aware of updated patches that they need, or they may not receive warning messages

Or newer, more secure versions of software may not be installed, because there are compatibility problems

Anti-spam software

Spam e-mail is also a problem for blind users

Inappropriate spam e-mail can be embarrassing when read out loud

There is also a large time cost in listening to lots of spam e-mail.

Most blind users tend to use spam filters and have very high levels of filtering (Wentz et al. 2010, and Lazar et al. 2005)

There are many e-mails that do not reach blind users because they are caught by spam filtering

Other security-related concerns

Automatic time-outs (where, after a certain period of inactivity, the user is logged out) can sometimes be a problem

Blind users need to be given accessible notification that without further activity, they will automatically be logged out

The problem isn’t that blind users take any longer (in fact, there is evidence to the contrary), but that the notification of time left until auto-logout may not be accessible

Suggestions for designers

Make sure that all security-related features are accessible

Test all security-related features with screen readers

Make sure that notifications on the screen will be read by screen readers

Involve blind users in the development process