Ask HN: I'm quadriplegic – can you help me with my security?

486 points by escapologybb ↗ HN
Hey Hacker News,

I've run out of places to look so I hope you guys can help me with this. I would like to:

1. Securely login to my various websites 2. Securely lock and unlock my MacBook Pro.

Easy, right?

Except I'm quadriplegic. I use DragonDictate[1] to input text, and invoke keyboard shortcuts verbally, and SwitchXS[2] with a single button switch[3] (to move the mouse around and switch between applications etc). With these I have nearly total control over my laptop.

I use a password manager and once I've spoken the master password out loud the rest of my password challenges are automated. This is necessary, but not so secure as my laptop is then just open to anyone who picks it up. But I can't password lock my whole laptop because OS X requires that password before it will load up any applications, and I can't put a password in without my apps.

I was thinking of getting a YubiKey, but for that I would need to touch the sensor on the key to activate everything, but as you might imagine the whole quadriplegic thing gets in the way of this!

Some other sort of hardware master key, maybe? What do you guys think?

A word on the adversary: I want my personal information secure from casual passers-by who after having a quick peck on the keyboard would more than likely give up; I'm not looking for PRISM dodging security here :-)

Anyway, any help would be greatly appreciated!

[1]: http://www.nuance.co.uk/for-individuals/by-product/dragon-for-mac/dragon-dictate/index.htm [2]: http://www.assistiveware.com/product/switchxs [3]: http://www.ablenetinc.com/Assistive-Technology/Switches/Buddy-Button-and-Big-Buddy

171 comments

[ 2.5 ms ] story [ 241 ms ] thread
Would something like Keycard[1] work for locking the screen when you're not nearby?

I wonder if it could be set to lock at boot unless your phone (or BT headphones or whatever) is nearby.

I doubt this can be all that secure since it can be downloaded from the App Store, I'm pretty sure that means it can be force quit (it could not prevent this key combo since its restricted in the sandbox). It may be just enough.

[1] http://www.appuous.com/products/mac/keycard.html

If you're not using whole disk encryption (or even partial encryption), then it doesn't really matter if you use a login password or not. The attacker can just clone the hard drive to gain access to your files.
> I want my personal information secure from casual passers-by who after having a quick peck on the keyboard would more than likely give up; I'm not looking for PRISM dodging security here
The threat model was casual passers-by. That may not seem much but severe disabilities change things a lot.

I am assuming that the OP is simply taking steps to mitigate an ever present fear of "being taken advantage of". There are some real arseholes out there, for example a friend of a friend was a blind dumb mute who was mugged in the street - nothing stolen except her cane and cards she used to communicate. She had no way to communicate with anyone, and they had no way to communicate with her.

She had to walk home...

I interpreted the threat as a passer-by stealing the laptop and not giving it back.
Bang on, it's the horrible person who comes into the house of somebody physically vulnerable and steals pain medication from them (true story); those are the people that are the adversary.

Pain medication, from somebody with nerve fire… I just don't understand that mentality!

Hi! I'm on the train with bad internet right now and so can't go looking but have you considered face recognition software using the laptops camera? There must be an app that takes a look at the webcam when a password challenge is presented.

Anyone know of anything?

Edit:

Found one! https://www.keylemon.com/download-other-versions/

From what I've read a lot of them can be spoofed with either a printed picture, or a video playing back.
(comment deleted)
It's probably enough for stopping the casual interference the OP wants to prevent.
So I guess the next step in the arms-race would be twin cameras (kinect?) to build a 3D image of a face.

Then the bad guys would make a sculpture.

Then the good guys could add some kind of mannerism detection (smile?, wink?).

Then the bad guys would work on latex masks.

....I quite want to see how this evolves tbh.

It's only going to evolve so far for consumer application. At some point, the barrier to cracking becomes too high for normal efforts. Who's going to spend 4-6 hours applying makeup to their face to crack your laptop's security (since the crack only applies to one instance) if you're only protecting your weird porn and some household financial data. You likely wouldn't hear about any efforts beyond that, since it would be spycraft.
Cloning. The end-game is cloning.
Not really, because it could require a combo of physical attributes and information known by the subject.
Age accelerated face cloning and spying to get information and iris or other samples needed?
Totally off topic, but why don't laptops come with twin cameras already?!?!?
He said he's not looking for high level security. Just something basic to "keep honest people honest".
I've used KeyLemon before on my computer.

Removed it the day a friend of mine unlocked it with his face(he looks quite different).

Couldn't someone hold up a picture of the OP's face to the camera to bypass this?
I'm not sure if any desktop software does this, but (some?) Android devices can optionally require a blink to unlock with facial recognition.
This is an excellent idea, and something I've tried but that particular application wouldn't recognise my face as I tend to lean to one side. But my leaning isn't reliable so it had had real trouble recognising me, not ideal if I'm trying to get into my computer :-)

Reliable facial recognition would be great though, just not managed to find it!

Just a thought but would a inverse keylogger work?

I would guess something like this- an arduino hooked up to something you can operate (BigBuddy?). This could then ask you for your PIN code (2 taps, 3 taps, 2 taps)

Once arduino is happy it will quirt a pre-stored key sequence into the USB port, acting as a keyboard, and unlock what you need.

I have no idea if it is really viable but its the best I have.

There's an application that lets you lock individual applications, but which should allow you to unlock it with dictation, as the rest of the OS is still working. Mac App Blocker (http://knewsense.com/macappblocker/)

There's also QuickLock which was/is a workaround to lock OS X quickly without using the screen saver + immediate password requirement. http://www.quicklockapp.com/

Note: I haven't used either, I'm just googling and looking at videos.

Maybe some kind of NFC device that you could wear so that the computer would lock/unlock when you were near it ?
That could be stolen though.
Glue it to the wheelchair. If someone steals that, he has worse problems.
But would a casual laptop theif think to check escapologybb's pockets?

Well, OK, a mugger might, but would they recognize little fob thing as something of import that must be close to the computer?

I'm not sure they would care. I don't know thta much about Macs, but my assumption is that you can do a format/reinstall just like any other computer.

Or, you know, just fence it.

If access to another device is just as problematic then a 13.56mhz MIFARE RFID sticker could do the trick with a Sonmicro USB RIFD reader.

The interface could just be a python script reading for serial over USB. I built some Raspberry Pi based RFID terminals that ran a python script in a loop, no problems running them for days on end.

That's the extent to which I know, someone else would have to chime in on exactly how to interface the script with access control.

That would be perfect, but instead of wearing it I could have something implanted in my arm for instance; and I would definitely notice of somebody tried to steal the tag!
Plus just tell the theft that it's something helps you breath, if he continues stealing it you can raise charges against him for attempted murder!
What do you think about biometric Voice fingerprints? Instead of voice-recognition.

.

---going further---

Then just encrypt the home folder's contents on a file-basis & sync it with a privately owned server. This improves the chances of data-recoverability on crashes or on filesystem corruption. Add a kill-switch toggle that erases all important files on the mac on 5 unsuccessful login attempts, and enables surveillance mode permanently using different tracking software (prey-project for example).

I'm really curious about this, I would be open to doing it but I have no idea how to go about implementing something like this!

Could you expand a little or point me at some resources, that would be great thanks :-)

(comment deleted)
Yes, I'd seen that before just didn't realise that was the term for it.

Something like that would be ideal if a system could be implemented that was reliable enough, there's always going to be some degree of false positive/negative but it would be cool otherwise.

Hi, do you have any movement or dexterity in your fingers at all? If so, please offer details of this or any other control you have that might be exploited. I have a colleague who once-upon-a-time built a system of low-force buttons and other goodies that enabled a quadriplegic person to work a telephone very effectively, as in they were subsequently employed to do some kind of work over the telephone. Would something like that be of use?

I think you might also be able to make use of a kinect or Andriod/iPhone and some eye-tracking.

Also, do you know of these guys? It's where my colleague worked about twenty years ago. http://www.tirrfoundation.org/

PS re: "I want my personal information secure from casual passers-by who after having a quick peck on the keyboard would more than likely give up; I'm not looking for PRISM dodging security here :-)"

How about an RFID tag fixed to your wheelchair, and a transceiver for it mounted on your computer desk?

In the vein of finger dexterity, I fear it must be very low, otherwise I'd expect use of a small "joystick mouse" rather than (or at least as a supplement to) SwitchXS and a single-button switch.

That said, I've heard of some quadriplegics with basic finger function using morse code-style inputs in various ways. I don't know details, but this[1] popped up in Google. It seems old but potentially interesting.

I wonder how much work it would be to put together something like an Arduino-based device that takes morse-like input and simulates a USB or Bluetooth keyboard?

[1] http://www.makoa.org/jlubin/morsecode.htm

Yup, colleague says he designed and built several different sip & puff controls for various things.

>I wonder how much work it would be to put together something like an Arduino-based device that takes morse-like input and simulates a USB or Bluetooth keyboard?

IMO it has never been easier.

Here's a simple idea (lacking in specific implementation details, sorry):

- Figure out how to add a text filter between DragonDictate and your system.

- Program the filter to look for a special sequence, e.g. "cipher_mode"

- When in cipher mode, feed characters through a simple cipher. E.g. A -> C, B -> D, etc. No passerby is going to be able to figure out what you're doing.

- When the filter sees "cipher_mode" again then it stops filtering.

If a passerby hears you say "cypher mode A Y R cypher mode" to unlock your computer, they might not figure out that your password is CAT, but they will figure out that "cypher mode A Y R cypher mode" unlocks the computer.
Obviously you'd pick a better phrase than "cipher mode".

But you make a good point. I think this approach can still work though.

- Rotate the cipher based on the current day/time, or rotate it based on the previous use.

- You could prime the next password each time you successfully login. So e.g. every time you login, you offer 3 additional letters in "clear mode", but then have to give them back in cipher mode.

I think I'd go with the last one.

The worst part about all this is that it requires custom programming.

You can set LastPass to prompt for the password every time you need to login to a password[1]. This presumably disables password caching in the plugin. Would that solve the your first problem?

[1] https://helpdesk.lastpass.com/account-settings/security/

Yes, that's what I'm doing at the moment but I'm unlocking the passwords on a session by session basis rather than one password at a time.
Yubikey would work if you could mount it so that you can touch the touch-pad with your nose. I don't know if that's acceptable to you?
Hi, that would be acceptable just not physically doable I'm afraid. My range of movement would prohibit this unfortunately.
Buttons are actually very simple devices, I've owned a yubikey (it got stolen, together with my other regular keys >.<) but I think it is actually very simple to remove it, solder two wires to it and connect it to a switch of any size that you can attach to whatever is within your range of motion :)

I'm based in the Netherlands so I probably can't help you, but maybe you could ask an electrician near you to help you with it.

There is a Yubikey model that uses NFC called the NEO[1]. So it would operate simply by your being close to the computer. At the moment, the NFC only works with Android, iOS, Windows Phone, and Blackberry, but it might be able to be ported easily. I'm looking into how this might help you now (Yubikey has an SDK).

You're on OSX, so let me see what I can come up with. No promises, but I'm looking.

1. http://www.yubico.com/products/yubikey-hardware/yubikey-neo/...

EDIT: I see that the Yubikey NEO is sold out for the next 5 weeks, so this may not be the best option for you.

EDIT2: The best solution was referenced by silverlight above, it's called TokenLock for Mac OSX, and it's $3 in the App Store. You can use it with bluetooth devices. Just get some little $20 bluetooth device or headphones you can pair it with, and have someone put it in your pocket. Please take a look here (again, thanks to poster silverlight above): http://www.map-pin.com/tokenlock-home/ Never used it, but it looks pretty versatile and can be used with all sorts of login approaches.

For securing your browser passwords, I think the Yubikey with the NFC chip will be your best bet. Right now, they don't have OSX software available specifically for the NFC, but I imagine they will release some eventually. I'd call and ask them.

I think as soon as they bring out some software on the Neo model that would be ideal, I'll definitely get in touch with them. Excellent find!

As for TokenLock, I downloaded the free trial and during the setup process my laptop locked up for apparently no reason; I had to have my partner stop at she was doing and come and restart the computer for me. Clearly not an ideal situation.

It really was a case of;

Download and install application Run through the setup process, which appeared to go flawlessly Read's helpful message that laptop will be locked when iPhone goes out of range … Laptop locks up as I'm reading the message, whilst my iPhone has sat resolutely still about 5 inches from my laptop!

That is a terrible level of reliability for me I'm afraid :-)

Forgive the off the cuff suggestion here, it's the quickest and simplest thing I can think of though not an optimum way to use your laptop and you're probably hoping for a more elegant solution.

What if you install virtual box w/ some free OS (like ubuntu). Store all your personal information within the virtual machine which is configured with a secure login. Then you can leave the laptop unsecured so you can use your other apps to dictate the password to the ubuntu OS for login.

That's just punting. How does he login to the secure VM?
If I had to guess, he would "use [his] other apps to dictate the password to the ubuntu OS for login".
He can type things using dictation and that would presumably let him log into the VM, his problem is that the dictation won't work for the OSX lock screen.

The idea probably has some other practical problems though.

I don't see how that would make it harder. Audio surfing is easier than should surfing. Wonder if he could somehow get his one-button clicker to translate morse code into ascii. Then he really could log in in a fairly secure way.
I don't think he's trying to make it more secure, just trying to get a minimum level of security where he can open the laptop and input a password. Right now, the OP is unable to do that due to OSX not allowing any applications to run at the login screen.
Audio eavesdropping could be pretty easily defeated with a challenge/response system. And if the speech recognition system is powerful enough, the response to the challenge could simply be to repeat the challenge in your own voice - which would be really user friendly.
You're jumping the gun a bit... the main problem is that they can't secure their main computer, since they require dictation to work in order to enter passwords. For the main login screen, the dictation software isn't loaded yet.

If they can password-less auto-login to the main computer, then use their dictation software to load up a VM, that VM could be considered secure.

As a side note, can't you also run Mac OS X as a VM guest from a Mac OS X host? I thought that Apple made that license change a while back. If that's the case, they could keep it all Mac, if they'd like.

You know, I hadn't actually considered that! That certainly could solve quite a lot of the security problems, but as you say it adds a layer of complexity to an already complex method of using my computer. Excellent idea though :-)
If you think OS X offers better dictation/accessibility support than Ubuntu does you can also virtualize OS X on OS X using VMWare Fusion. I'm sure there are other ways of doing this but I know that VMWare Fusion supports this [1]. I don't believe that you will even have to pay for licensing OS X since it is already on an Apple manufactured hardware.

[1] http://kb.vmware.com/selfservice/microsites/search.do?cmd=di...

You are correct, the OS X EULA since 10.7 Lion has allowed two additional instances to be run within virtualization at no additional charge. Here is the EULA for 10.8, search for "virtual": http://www.apple.com/legal/sla/docs/OSX1082.pdf

("...you are granted a limited, non-transferable, non-exclusive license... (iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using OS X Server; or (d) personal, non-commercial use...")

I use this exact method to get around VPN restrictions. Works great running a VM Windows 8 within another instance of Windows 8. On an SSD the VM seems to be as fast as the actual machine.
How does that get you around VPN restrictions? Do you then forward your traffic through some proxy?
I think the virtual machine is vpned and the external machine is not. Then you can get all the traffic you need passed through the inner vm while still getting outside traffic on your main.
The Ubuntu VM's virtual hard disk is right there for the taking, though.
An encrypted home directory will help some with that.
That won't work since escapologybb can't type a password at the OS X lock screen.
encrypted home dir on the guest OS, not host.
Assuming you shut it down every time you walk away. AFAIK VirtualBox doesn't encrypt snapshots (which include RAM contents and therefore the encryption key).

OP could get at least get screensaver-lock functionality, but actual security in this situation is hard.

At least the Ubuntu VM can be password protected and encrypted, unlike OS X in this scenario, or am I missing some other issue?

Using a VM as the "real" machine seems to be at least as effective as any other suggestion made here and far less brittle.

Adversary profile precludes this vector.
I would like this as a bumper sticker/answering machine message.

>Ring....

>Ring...

[pickup]

>"Adversary profile precludes this vector"

[/hangup]

I use than SIP provider for all my telephone stuff, which gives me the ability to have menus etc.

I've now got one for "press one if you're calling me about an unbelievable sales opportunity" that gives the exact response. I have no idea if anybody has called it yet, but it's kept me laughing for the past three days!

Could you provide some details on how you set that up? It sounds interesting!
No problem, I first signed up for an account with SIP Centric[1], then once you've bought a phone number, you click on IVR menus in the sidebar and then it is point-and-click from there on; it really is surprisingly easy!

[1]: http://pbx.sipcentric.com/

I can't tell you how happy that makes me.
You could use something like TrueCrypt to encrypt the vhd/vmdk(s). How aggressively you mount/unmount the volume depends on the circumstances.
Unlocking a computer programatically is hard and should be so. Locking on the other hand isn't. Perhaps you could lock upon fail to NFC authenticate every x seconds. That only answers part of the question, since the attacker would still have x seconds to snoop around every time he logged in, but would be such a nuisance that he probably would give up.
If you're interested in a custom hardware solution, the folks at hackaday.com may be helpful.
How about bluetooth-based locking and unlocking, using an app like this?

https://itunes.apple.com/us/app/bluetooth-unlock/id576603568...

It looks like it may work with any BT device, so even if you don't have a BT-enabled phone, you could get a cheap BT headset or something, and keep it on you.

I'd also like to say that it's great to see you doing so well with technology. I had a quadriplegic friend when I was little (he was an adult) who had a nice setup for the time, but his independence was limited to a few things like Clappers for lights, TV remotes, and such. I sometimes wonder just what crazy things he'd be getting up to if he was still around today with a setup like yours.

My only issue with Bluetooth pairing is that iPhones are incredibly shiny, and carers work for minimum wage and the thought of not only my iPhone going walkies but it locking my laptop in the process… My head might actually explode :-)
If it does indeed work with arbitrary BT devices like I think it does (please verify this for yourself before you buy!) then you can get a cheap headset for $15 or so and key it to that instead of your phone. If your Mac (and the software) supports BTLE, you could even use a specialized token like a Stick-N-Find.

This app does claim to support any BT device, just in case the other one doesn't:

https://itunes.apple.com/us/app/tokenlock/id402433482?mt=12

Hope you figure out something that's to your liking.

"If it does indeed work with arbitrary BT devices like I think it does … "

Perhaps a Pebble Watch?

Perhaps you should pay your carers better, so you can hire quality people....

You can also get a proximity alarm for your iPhone.

> Perhaps you should pay your carers better, so you can hire quality people....

Easy to say things like that isn't it.

Why do you assume he pays the carers? For that matter, why do you assume he could afford to in the first place?
There might be Android alternatives, which would allow you to get a much cheaper device.

Perhaps even a very ugly iPod Touch might work.

There's a program out there that can use a webcam to detect where you're looking on a screen. It performs a "click" if you hover over a button for a few seconds. Mix that with an on screen keyboard and that might work. I don't know if those options work with OSX though.
Camera Mouse 2013 does that on windows for free. Not a great option since it doesn't always follow whatever it is tracking that well. You would need to go with an expensive option like http://www.tobii.com/ if you wanted good eye tracking, but that is expensive and I don't think Mac compatible. Plus, not always as accurate or easy to use as you would think.
The next Kinect is supposed to be able to detect eye movement. I don't think it would be too hard to implement something that would prompt for a sequence of eye movements after pressing the single button switched described by OP. I don't know if this would take care of both use cases, but I think it would take care of the first.
couldn't you just completely disable the keyboard?
We have patented something called PassRules which does not disclose your secret during normal use. It's the perfect solution for you but unfortunately we don't have a version for Mac -- only Windows. But if there's sufficient interest we might just develop one. Check us out at www.itsmesecurity.com
This is a great example of how patents help humanity.
Help yourself and download our FREE versions for Windows workstations, Android devices, iPhone, and iPad.
TIL that everyone needs a patent to prove defensibility to VC's, but no one is allowed to mention a patent on HN without being down voted, because patents are evil.
Good thing you have a patent. Now, if you can't be bothered to make a Mac version, no one can! (maniacle villian laughter goes here, don't forget to twirl your mustache)
Not true, we'd be happy to work with Mac developers. It's just that we don't have the skills in house. Any takers?
This is one reason why you write for the JVM. I have Mac users for software that I've never personally used on a Mac.
JVM path not feasible when the goal is O/S security
http://quadstick.com is developing a mouth operated programmable joystick/mouse/keyboard. A sequential combination of up to eight input signals (specific joystick movements and/or a sequence of hard or soft sip & puffs on four different tubes) can trigger the sending of up to six preprogrammed keyboard keys, or it can just recognize characters traced out on the joystick and send them one at a time.
Was this posted by Hal Finney? He's unfortunately a quadriplegic now but still programs.
When I messed with army radios - these being the made-by-the-lowest-bidder-and-not-secret analogue variety - they were throat-operated. You spoke silently, and the microphone - pressed to your throat - sent speech over the radio.

It took practice to talk perfectly clearly, but it could be mastered.

Google "throat microphone".

If I had one of them, I would totally be able to pretend I'm in the SAS on some secret mission!:D Obviously a mission that didn't involve any stairs, and nothing above 6 miles an hour (top speed of my chair!) With lots of ramps and extrawide doors :-)

Seriously though, I'm connected to this computer with a ton of cables and if that could be made to play nice with Dragon, and it wasn't too tight across where the break is in my neck it would be brilliant!

Throat microphone + headphones makes it all effectively private from literal evesdroppers :)
If you're in the UK they can be picked up pretty cheaply from surplus stores, and no doubt online too. There must be some consumer-grade ones knocking about too which might be worth a shot if you're not sure if it'll work or not :)
I've just ordered a USB version because Dragon requires really clear quality sound, and just plugging a 3.5 mm jack into the Line In port is and going to work because Dragon will only recognise USB devices.

But fingers crossed this one will work!

If you can't find one commercially, then its just to do an "ask HN" for anyone to help you acquire one or can make you one etc :)
If you're already "wired up to the computer", would another USB connection make any difference?

An Arduino can act as a keyboard ( http://hackaday.com/2012/06/29/turning-an-arduino-into-a-usb... )

You could then hook that into some controls you've already got on the chair - the obvious choice being to have "Up, Up, Down, Down, Left, Right, Left, Right, B, A, Start" trigger the Arduino to type out your password.

(Where are you from? I know if someone asked for help with this on my local (Sydney, Australia) hackerspace mailing list, there's probaby be three or four people building prototypes by the weekend…)

Unfortunately adding another USB connection would make a difference, there is the cognitive load of just being tethered to my computer there are sometimes situations where I need to get out of my wheelchair quickly; so minimising connections is the order of the day.

That being said this solution could be implemented wirelessly maybe? I mean have the arduino sitting somewhere connected to the laptop wirelessly, and then have a switch connected to the arduino wirelessly as well?

The only sticking points I could see are that obviously I can't assemble these things myself, and travelling to a Hackerspace would be impossible unfortunately.

Also, I'm in the UK.

Hmmm. It's also possible to do the same "pretend to be a keyboard trick" over bluetooth - it's just a little more expensive than via Arduino/USB. It's about an extra $50-ish to add bluetooth capability to an Arduino (at least at sparkfun.com prices).

I'm in Australia, so the UK is a bit far to be prototyping - did you see Helgosam's post else-thread? Sound's like he's at least in the same country as you and capable of helping out (and/or putting you in touch with other locals who're in this space…)

https://news.ycombinator.com/user?id=Helgosam https://news.ycombinator.com/item?id=6054049

In a similar vein, emotiv [1] sell an EEG headset, which is purported to offer mind control. I've no clue whether these things actually work or what they are useful for. I'm only aware of this device because I used to work with one of the principals in the company.

[1] http://www.emotiv.com/

This looks like it would be massively useful, but it's really expensive at the moment which keeps it out of my hands unfortunately :-(

It looks like it could be applied to all sorts of accessibility situations and problems though!

Face recognition is the best answer I can come up with to unlock the computer. Setup a usb-wrist band that when you computer gets pulled away from will auto lock.
It should be possible to make an OSX app that disables the hardware keyboard and touchpad, that can be toggled by voice password.

The laptop only being accessible via voice recognition and one button should be enough to render the entire system unusable to casual snoops.

edit: Looks like you can disable/reenable the builtin keyboad/touchpad with terminal commands, so it'd just be a matter of scripting them to voice shortcuts: http://superuser.com/questions/214221/how-can-i-lock-the-mou...

ps: be sure to have a plan B to reboot your laptop while experimenting with this in case it locks out your controls somehow.

Since you are here , a few questions (not related to the current subject): you might be surfing on the web , given your condition , what are the annoying stuff you encounter that makes your surfing harder and that could be ,easily fixed if web developpers actually cared about accessibilty.

Do you have exemples of websites that use technology to facilitate surfing for disabled people , that could be shown as an exemple of good accessibility practice ?

thanks and take care.

Hi, hit me up on Twitter and I'd be happy to help. @escapologybb
Maybe use your current system with a rolling password, so that the previous password no longer works?

Obviously that would take a little feat of memory, or at least some kind of prompt, but you could memorize a poem or something and use that - it would prevent replay attacks.

Or, use an algorithmic password, perhaps one where you do a sum based on the time of day.

All these solutions require some level of coding sadly, but I would have thought it would be something a freelancer could knock up relatively cheaply.