- From: Steve Carter <steve@juggler.net>
- Date: Tue, 29 Jan 2002 11:00:45 -0000
- To: "wai-ig list" <w3c-wai-ig@w3.org>
----- Original Message -----
From: "David Poehlman" <poehlman1@home.com>
To: "Steve Carter" <steve@juggler.net>; "wai-ig list" <w3c-wai-ig@w3.org>
Sent: Monday, January 28, 2002 6:39 PM
Subject: Re: sign up security:

> the email function can be automated.

Although the process of creating and sending an email can be automated, it is a hard problem to have a computer create a set of questions and check the answers to confirm the answerer is a human. AFAIK the way to do this would involve a huge database of questions and answers, and then the problem is a simple one for the attacker to beat: just load a machine with say 20 of the questions and their responses, then repeatedly attack the service until you are asked one of those questions. Hey presto you are through.

A useful weapon against intruders is 'suspicion' and this is something that humans are good at again. So you need a human interviewer.

> Another area that is expensive to implement in a machine is world
> knowledge and inference. The problem here is that it is a hard problem
> for a computer to be the interviewer as well as for a computer to be the
> interviewee.
> This is what makes the 'phone call' a compelling solution. The test is
> administered by a human, but because the human is costly to run, it is
> only used in the minority of cases who cannot respond to the .png (say) or
> .wav formats. The test is valid but again we have an issue with the
> medium because the phone requires hearing and speaking. I suppose in
> that case an email exchange probably would be the most accessible
> means of administering the interview.
> The interview method of course requires a human operator for the
> website's end. At this point I have no suggestions for an automated
> method.

Received on Tuesday, 29 January 2002 06:03:05 UTC