Apple will get rid of CAPTCHA verification with a new feature in its upcoming iOS 16 and macOS Ventura updates. The company is bringing a new automatic verification setting — under Settings > Apple ID > Password & Security > Automatic Verification — that will verify a user as a human to a website or app without a CAPTCHA.
Apple’s description of the feature for iOS reads: “Bypass CAPTCHAs in apps and on the web by allowing iCloud to automatically and privately verify your device and account.”
During its keynote at the Worldwide Developer Conference (WWDC), Apple said CAPTCHAs were cumbersome to fill out, didn’t follow best privacy practices by tracking IP addresses, and could block out users with disabilities who found it difficult to complete a CAPTCHA.
Instead, websites can use Private Access Tokens (PATs) to verify if a human is accessing them, the Cupertino-based tech giant said. Servers can use HTTP PrivateToken authentication method to request tokens. This will allow servers to only get information about verification without knowing any user-facing data such as IP addresses.
Apple uses an iCloud-based attestor to sign off on the tokens, AppleInsider reported, and the device’s secure enclave provides a certificate. It also checks for actions — such as unlocking the iPhone with Face ID or visiting a website through Safari — that are hard for bots to imitate.
Apple has worked with cloud service providers Fastly and Cloudflare to support PATs to offer users a CAPTCHA-free life. PATs can be cross-platform, as Apple, Google, Fastly, and Cloudflare have all contributed to developing the protocol. However, there is no implementation on Android yet.
During the WWDC event, Apple announced several security and privacy features, such as real-time security updates separate from system updates, the ability to log in into services without passwords, and locked folders for deleted and hidden photos.