
Accessibility features are a great source of security vulnerabilities. I rely on them myself, and have personally found or witnessed quite a few.


That reminds me of one of the old tricks for resetting the password on a Windows machine, which involves renaming cmd.exe to the name of the binary that gets run (can't remember the exact name at the moment) when you choose the "Ease of Access" option. It certainly gives you easy access!


> which involves renaming cmd.exe to the name of the binary that gets run (can't remember the exact name at the moment) when you choose the "Ease of Access" option.

utilman.exe. I abused this back in the early days of disclosure.


I personally copy it to osk.exe (on-screen keyboard, but only the accessibility version, not the regular Windows version).


Same in Android - it's used by most malware.


One example might be audio captchas. They're needed, of course, but it means there are two avenues open to attackers now.


Audio captchas don't really solve the underlying problem. Yes, they make things easier for English-speaking blind people with no hearing problems, but that's about it.

From an accessibility perspective, the only solution that makes sense is pervasive surveillance to determine if you're human or not.


A lock need not be unbreakable. It only needs to be more expensive to break than the value of the things it protects.

So captchas should only be hard enough to make complicated setups involving ML models or pipelines to Mechanical Turk not worth it. Pervasive surveillance is overkill for this particular purpose.


I'm not really talking about this from an a11y standpoint, but audio CAPTCHAs are so much easier than "choose the fire hydrant" hell.

I actually remember reading a post saying that an accessible CAPTCHA is hard. To make it accessible, you have to make it machine-readable, which defeats the point...



