In the iOS 16 beta, Apple implemented a feature to bypass CAPTCHAs, these verification tools to ensure that you are not a robot. If you have an iPhone, you’ll soon be able to create an account on certain sites and apps much more easily with this iOS 16 feature called Automatic Verification.
Are you a recently sentient Google bot, an Android from the future who has infiltrated Humanity, or are you just tired of having to select all the images containing a fire hydrant to authenticate yourself? Apple just introduced a feature in iOS 16 called Automatic Verification.
This option, available by default in the first betas of iOS 16, can be found in the Settings > Apple ID > Passwords and Security. Concretely, by activating the automatic verification function, iCloud will automatically and securely verify your Apple ID and your device in the background, avoiding you having to fill in a captcha when authenticating yourself on a website or in a application.
Apple explains how this feature is supposed to work in the explainer video below.
Private Access Tokens for a more intuitive but also accessible user experience
This Apple feature is based on what the firm calls Private Access Tokens. Apple starts by explaining that if you’ve signed in to a site, you’ve already had to unlock your iPhone with a passcode or Face ID, you have an Apple account that you’re signed into on your iPhone, and you opened an application, Safari, to access that site.
So many actions that are unlikely to have been performed by a bot and that can already tell a site about the human nature of the user trying to access it, making the use of a CAPTCHA already irrelevant. The Private Access Token would therefore be a kind of virtual trust badge that tells sites that you are not a bot, but indeed a human.
The server of a site or an application can then ask your iPhone for these virtual badges. These badges are in no way directly linked to your personal data and do not allow you to be tracked even if you use the same site several times.
It’s just Apple telling the site “Okay, trust me, I scanned his face or I know his Apple ID, he’s a good guy.” This exchange of requests and token transmission is done according to a protocol recognized by the IETF (Internet Engineering Task Force, an Internet standardization organization).
Ultimately, Apple’s idea is not only to make the user experience more intuitive and fluid, but also to make it more accessible, as CAPTCHAs can be a hindrance for some users.
This new feature will be available on all iOS 16 devices but also Macs running macOS Ventura. Some industry players such as Cloudfare or Fastly have already announced support for these Apple Private Access Tokens. The number of compatible sites and applications will therefore already be very substantial once iOS 16 is officially launched next September.
What do you think of this feature from Apple? Do you think it is as secure as CAPTCHAs? Are CAPTCHAs a real obstacle to your user experience?