the best alternative they can provide for captcha is OTP. I just
visited the income tax website to link my apan card with adhar card.
they have this option. I easily linked my pan card with the help of
OTP. I loved it. I think IRCTC, UIDAI, and all others should adopt
this idea.

On 8/8/17, Kotian, H P via Ai <> wrote:
> Hi Alok
> Just to bring to your attention, there is a security challenge in this
> approach.
> CAPTCHA is essentially used to fight against Bots and to prevent them from
> guess the CAPTCHA.
> As I see, you have the words placed in Alt text. It is not a big deal to
> read the alt dext fromDocument object and convert the numbers in words back
> to numerals.
> Check it out.
> Harish.
> From: Ai [] On Behalf Of
> Alok Kaushik via Ai
> Sent: Tuesday, August 8, 2017 8:49 AM
> To:
> Cc: Alok Kaushik <>
> Subject: [Ai] For software developers - creating custom accessible CAPTCHA
> Hi,
> In one of my recent software development works I created a CAPTCHA that is
> accessible for screen readers using the following approach.
> 1.       Generate a random 5 digit number.
> 2.       Generate an image containing the embedded 5 digit number. Image is
> programmatically generated and is  not an image that could be downloaded. 5
> digit number is communicated to the captcha generating code using
> encryption.
> 3.       Convert the complete 5 digit number in English words, including the
> words thousand and hundred.
> 4.       Assign the converted number in words as the alternate text of the
> image dynamically. This would allow the screen readers to read out the
> number in words, while  other users will see regular image.
> 5.       Track the random number as a session variable for later
> comparison.
> I am writing this for following two reasons.
> 1.       This approach seems to be working for me. Want to know if anyone
> sees any issue in this either in usability or security.
> 2.       If anyone doing software development is interested in implementing
> this, I can share the code off the list.
> Thanks.
> Alok
> ________________________________
> Caution: The Reserve Bank of India never sends mails, SMSs or makes calls
> asking for personal information such as your bank account details,
> passwords, etc. It never keeps or offers funds to anyone. Please do not
> respond in any manner to such offers, however official or attractive they
> may look.
> Notice: This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. If you are not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the information contained in
> this e-mail message and/or attachments to it are strictly prohibited. If you
> have received this email by error, please notify us by return e-mail or
> telephone and immediately and permanently delete the message and any
> attachments. The recipient should check this email and any attachments for
> the presence of viruses. The Reserve Bank of India accepts no liability for
> any damage caused by any virus transmitted by this email.

gatak singh
QA test engineer at VMware India pvt. ltd.






1. Contents of the mails, factual, or otherwise, reflect the thinking of the 
person sending the mail and AI in no way relates itself to its veracity;

2. AI cannot be held liable for any commission/omission based on the mails sent 
through this mailing list..

To check if the post reached the list or to search for old posting, reach:

Ai mailing list

Reply via email to