It’s pretty annoying to go through CAPTCHA verification where you have to identify weird squiggly letters or click on images of the boat till there are none left — just to prove that you’re not a robot. Apple might be getting rid of this problem with a new feature in the upcoming iOS 16 and macOS Ventura.
The company is introducing a new automatic verification setting — which will live under Settings > Apple ID > Password & Security > Automatic Verification — which will verify you as a human to a website or an app without filling out a CAPTCHA.
“Bypass CAPTCHAs in apps and on the web by allowing iCloud to automatically and privately verify your device and account,” Apple’s description of the feature on iOS reads.
In a presentation at the Worldwide Developer Conference (WWDC), Apple argued that CAPTCHAs are cumbersome to fill out for users, don’t often follow privacy best practices by tracking a user’s IP address, and they could block out users with disabilities who find it difficult to complete a CAPTCHA challenge.
The company said, instead, that websites can use Private Access Tokens (PATs) to verify that a human is accessing them. Servers can request tokens using HTTP PrivateToken authentication method. Because of this, servers can only get information about verification without knowing any user-facing data like IP addresses.
As AppleInsider explains, Apple uses an iCloud-based attestor to sign off these tokens, and your device’s secure enclave provides a certificate. It also checks for actions — like unlocking your iPhone with Face ID or visiting a website through Safari on that device — that are hard for bots to imitate.
Image Credits: Apple
Apple has worked with cloud service providers like Cloudflare and Fastly to support PATs, so users can live a CAPTCHA-free life. Cloudflare noted that it has managed the use of CAPTCHA by 91% by using its Managed Challenge Platform to identify users in the last few years — and now the platform has support for PATs.
Cloudflare challenge
The good news is that PATs can be cross-platform, as Google, Apple, Cloudflare, and Fastly all have contributed to developing this protocol. However, there’s no implementation for this on the Android side, so only Apple device users will be able to hop over CAPTCHAs.
During the WWDC event, Apple announced security and privacy-faced features such as real-time security updates that are separate from system updates, the ability to login into services without any password, and locked folders for hidden and deleted photos.