In the iOS 16 beta, Apple implemented the ability to bypass CAPTCHA, verification tools that ensure you’re not a bot. If you have an iPhone, it will soon be easier to create accounts on certain websites and apps using iOS 16’s automatic verification feature.
Are you the last sentient Google bot from the future of Android that has infiltrated humanity, or are you just tired of having to select all images containing fire hydrants to verify your identity? Apple just introduced a feature called automatic verification in iOS 16.
This option is available by default in the first beta of iOS 16 and can be found at set up > Apple ID > Password and Security. Specifically, by activating auto-verification, iCloud automatically and securely verifies your Apple ID and your device in the background, preventing you from filling out verification codes when authenticating yourself on websites or apps.
Apple explains how this feature should work in the explainer video below.
Private access tokens provide a more intuitive yet more accessible user experience
This Apple feature is based on what the company calls Private Access Tokens. Apple starts by explaining that if you log into a website, you already have to unlock your iPhone with a passcode or Face ID, you have an Apple account logged in on your iPhone, and you open an app Safari to access the site.
So many actions are unlikely to be performed by a bot, and it is already possible to tell the human nature of a website user trying to access it, that the use of captcha has become irrelevant. So a private access token would be a kind of virtual badge of trust that tells a website that you’re not a robot, but a human.
This is how Apple’s Private Access Token replaces CAPTCHA / © kwgeek
The site or app’s server can then ask your iPhone for these virtual badges. These badges are never directly linked to your personal data and won’t allow you to be tracked even if you use the same website multiple times.
It’s just Apple telling the site “Ok, trust me, I scanned his face, or I know his Apple ID, he’s a good guy.” This request exchange and token transfer is done according to the IETF (Internet Engineering Task Force, Internet Standardization Institutions) approved protocols are completed.
At the end of the day, Apple’s idea is not only to make the user experience more intuitive and smooth, but also more accessible, as CAPTCHA can be a hindrance for some users.
This new feature will be available on all iOS 16 devices, but will also be available on Macs running macOS Ventura. Some industry players like Cloudfare or Fastly have already announced support for these Apple private access tokens. So once iOS 16 officially launches in September next year, the number of compatible websites and apps is already impressive.
What do you think of this feature from Apple? Do you think it is as safe as CAPTCHA? Are captchas a real hindrance to your user experience?